To make the web more secure, every website needs SSL. SSL stands for Secure Sockets Layer, and SSL certificates are the technology that secures communication between clients and servers. Moreover, Google has started to use HTTPS as a ranking signal. In this article, I will share a step-by-step guide to installing Let’s Encrypt SSL on Ubuntu 20.04 with auto-renewal.
Install Let’s Encrypt SSL on Ubuntu 20.04 with Auto-Renewal
Server Requirements
- One Ubuntu 20.04 server set up with a non-root user and a firewall.
- A registered domain name, which you can purchase from Namecheap or domain.com.
- DNS mapped to the domain for both the A record and the canonical name record.
- Apache installed; follow the article How to install LAMP on Ubuntu 20.04.
Step by Step Guide to Install Let’s Encrypt SSL with auto renewal
Step 1: Install Let’s Encrypt client – Certbot
Before installing SSL, refresh the Ubuntu package index and install Certbot together with its Apache plugin:
sudo apt update && sudo apt install certbot python3-certbot-apache
Step 2: Generate and install the SSL certificate
After installing Certbot, we have to generate an SSL certificate for our domain. Let’s take the example domain name “installssl.com”.
Certbot is preconfigured for Apache, so it will automate the installation.
sudo certbot --apache -d installssl.com -d www.installssl.com
This runs certbot with the --apache plugin, using -d to specify the names you’d like the certificate to be valid for.
Certbot will now ask how you’d like to configure your HTTPS settings:
Output
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
-------------------------------------------------------------------------------
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):
Select your choice and press Enter. Your certificate should now be installed, and Certbot will show a success message.
Output
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/installssl.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/www.installssl.com/privkey.pem
Your cert will expire on 2018-07-23. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
Open your domain with https:// in the browser; it will now load over SSL.
Step 3: Check Let’s Encrypt Certificate Renewal
Let’s Encrypt SSL certificates are issued for only 3 months, so Certbot will renew the certificate automatically every 3 months. To make sure auto-renewal is working, run the following command.
sudo systemctl status certbot.timer
The output will be:
Output
● certbot.timer - Run certbot twice daily
Loaded: loaded (/lib/systemd/system/certbot.timer; enabled; vendor preset: enabled)
Active: active (waiting) since Tue 2021-04-03 19:37:23 UTC; 15h ago
Trigger: Fri 2021-04-24 23:50:31 UTC; 12h left
Triggers: ● certbot.service
Apr 03 19:37:23 fine-turtle systemd[1]: Started Run certbot twice daily.
To test the renewal system, you can do a dry run with Certbot:
sudo certbot renew --dry-run
If there is no error message, you are done with the installation.
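A complementary check for the renewal setup above, added here as an example and not part of the original article: it confirms that a certificate file is not close to expiry and covers every name that was passed with -d. The function names, the 30-day threshold and the self-signed sample certificate are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original article). Function names, the 30-day
# threshold and the sample certificate are assumptions made for illustration.

# cert_ok PEM MIN_DAYS NAME...
# Returns 0 if PEM stays valid for at least MIN_DAYS more days and matches
# every NAME, 1 if it expires sooner, 2 if a name is not covered, and
# 3 if the file cannot be parsed as a certificate.
cert_ok() {
    pem=$1; min_days=$2; shift 2
    openssl x509 -noout -in "$pem" >/dev/null 2>&1 || return 3
    # -checkend exits non-zero when the cert expires within the given seconds.
    openssl x509 -noout -in "$pem" -checkend $((min_days * 86400)) \
        >/dev/null || return 1
    for name in "$@"; do
        # -checkhost prints "does match" or "does NOT match" for each name.
        openssl x509 -noout -in "$pem" -checkhost "$name" \
            | grep -q 'does match certificate' || return 2
    done
    return 0
}

# make_sample_cert DIR DAYS
# Writes a constructed self-signed certificate for the article's example
# names into DIR, standing in for /etc/letsencrypt/live/<domain>/.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" \
        -subj "/CN=installssl.com" \
        -addext "subjectAltName=DNS:installssl.com,DNS:www.installssl.com" \
        -keyout "$1/privkey.pem" -out "$1/fullchain.pem" >/dev/null 2>&1
}

# Demo on the constructed certificate: 60 days of validity passes a 30-day check.
demo() {
    dir=$(mktemp -d) || return 1
    make_sample_cert "$dir" 60 || return 1
    cert_ok "$dir/fullchain.pem" 30 installssl.com www.installssl.com
    status=$?
    rm -rf "$dir"
    return "$status"
}

demo && echo "sample certificate passes the expiry and name checks"
```

On the server, source the functions and call cert_ok with sudo on /etc/letsencrypt/live/installssl.com/fullchain.pem and both domain names; a non-zero return is the signal to investigate the renewal timer.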
Step 4: Test SSL
You can check your SSL installation on SSL Labs with your domain name.
Conclusion
In this tutorial, you learned how to install Let’s Encrypt SSL on Ubuntu. If you have any questions, please comment below and I will try to answer all of them.