Free SSL Certificate with Let’s Encrypt

If you have ever installed an SSL certificate you know that it can be a tedious process. Let’s Encrypt makes this easy. Just call the letsencrypt command from the terminal and point it at your domain.

Securing your website with a valid SSL certificate from a recognized and trusted vendor shows your website visitors that information transmitted between your site and their browser is encrypted. Now, thanks to “Let’s Encrypt” and the “Internet Security Research Group (ISRG)”, obtaining a certificate has never been easier or more affordable… can’t get cheaper than free.

Prerequisites

  • Ubuntu 16.04 (Previous versions may work as well, but I haven’t tested them. If you try it on 14.04 and it works, let me know.)
  • Apache – with a virtual host configured. See this post if you’re not sure how to set up Apache 2 with virtual hosts on Ubuntu.
  • A domain name
  • Root access to the web server

Install Let’s Encrypt Automated Tools

The best thing about Let’s Encrypt is that it provides fully automated tools that make setting up your secure site as easy as possible. No need to learn about openssl commands or obtaining CA certificates.

Install python-letsencrypt-apache

sudo apt update
sudo apt install python-letsencrypt-apache

This will ask to install quite a few Python libraries and tools. Accept the installation by pressing “y” when prompted.

Configure your site for SSL

If you have ever installed an SSL certificate you know that it can be a tedious process. Let’s Encrypt makes this easy: just call the letsencrypt command from the terminal and point it at your domain. (Replace example.com with your own domain.)

sudo letsencrypt --apache -d example.com -d www.example.com

The -d option specifies a domain to request an SSL certificate for. Repeat it for each additional domain, as shown above for example.com and www.example.com.

At this point, you will be prompted to select the domain from the list of sites that are configured in the /etc/apache2/sites-enabled/ directory. If you already set up a virtual host you should see your site listed. Often letsencrypt will automatically detect your site based on the “ServerName” field in the virtual host configuration file.

Select your domain, then choose https only or both http and https. I always choose https only since I don’t have any real need for http, but you have the option to use both.

Your SSL Certificate will be valid for 90 days, and can be easily renewed as follows.

sudo letsencrypt renew

You can run that now, and its output should tell you that you have no certificates that need to be renewed. Let’s Encrypt recommends that you renew every 60 days.

Automate SSL Renewal with Cron

Automatically renewing your SSL certificate can be done with a cron job. We will create a file in cron.weekly so that Let’s Encrypt will check once a week for sites that have a renewal available.

sudo vi /etc/cron.weekly/le-autorenew

Add the following to this file:

#!/bin/bash
#
# Renew Let's Encrypt certificates and append all output (stdout and stderr) to a log
/usr/bin/letsencrypt renew >> /var/log/ssl-renew.log 2>&1
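
A weekly renewal job can fail without anyone noticing (run-parts, for instance, skips files in cron.weekly that are not executable), so it is worth checking the certificate itself. The script below is an added example, not part of the original post: it reads a certificate's expiry date and flags it when fewer than 30 days remain, which is what is left of the 90-day lifetime once the recommended 60-day renewal point has passed. It assumes GNU date and openssl are installed; the function names and the certificate path in the usage comment are assumptions.

```shell
#!/bin/bash
# Added example (not from the original post): check that renewal is keeping
# a certificate fresh. Assumes GNU date and openssl are installed.

# 90-day lifetime minus the recommended 60-day renewal leaves 30 days.
RENEW_WINDOW_DAYS=30

# seconds_left "<notAfter date>" <now-epoch>: seconds until expiry.
seconds_left() {
    expiry=$(date -u -d "$1" +%s) || return 2
    echo $(( expiry - $2 ))
}

# renewal_status <seconds-left>: ok | renewal-overdue | expired
renewal_status() {
    if [ "$1" -le 0 ]; then
        echo expired
    elif [ "$1" -lt $(( RENEW_WINDOW_DAYS * 86400 )) ]; then
        echo renewal-overdue
    else
        echo ok
    fi
}

# check_cert <pem-file>: print a one-line report; non-zero unless status is ok.
check_cert() {
    not_after=$(openssl x509 -enddate -noout -in "$1") || return 2
    not_after=${not_after#notAfter=}
    left=$(seconds_left "$not_after" "$(date +%s)") || return 2
    status=$(renewal_status "$left")
    echo "$1: $status, $(( left / 86400 )) days left (expires $not_after)"
    [ "$status" = ok ]
}

# Constructed sample in the format openssl prints, judged against a fixed "now".
sample_status() {
    now=$(date -u -d "Jan  1 00:00:00 2024 GMT" +%s)
    renewal_status "$(seconds_left "Jan 21 00:00:00 2024 GMT" "$now")"
}

# Usage (the path is an assumption about the default layout):
#   ./check-cert.sh /etc/letsencrypt/live/example.com/cert.pem
if [ "$#" -gt 0 ]; then
    check_cert "$1"
fi
```

The script exits non-zero whenever the certificate is inside the renewal window or already expired, so a monitoring job can alert on its exit status.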

If you are interested in learning more about Let’s Encrypt or some of their sponsors (which include big names like Mozilla, Facebook, Cisco, and many more), you can visit them here: https://letsencrypt.org

Author: Luke

Linux Systems Administrator RHCSA, LFCS, ITIL v3 Foundations.
