How to Install Let’s Encrypt SSL on Ubuntu 20.04

0
Install Let's Encrypt SSL on Ubuntu

To make the web more secure, you need SSL on every website. SSL stands for Secure Socket Layer, the technology behind SSL certificates is to secure the communication between clients and servers. Moreover, Google started to use HTTPS as a ranking signal. In this article, I will share step by step guide to install Let’s Encrypt SSL on Ubuntu 20.04 with auto-renewal.

Install Let’s Encrypt SSL on Ubuntu 20.04 with Auto-Renewal

Server Requirements

  • One Ubuntu 20.04 server setup with non root user with firewall.
  • A registered domain name, you can purchase from Namecheap or domain.com
  • DNS mapped with domain for both A record and canonical
  • Apache has to be installed, follow the article How to install LAMP on Ubuntu 20.04

Step by Step Guide to Install Let’s Encrypt SSL with auto renewal

Step 1: Install Let’s Encrypt client – Certbot

Before installing SSL, let’s update all the Ubuntu packages with Certbot download

$ sudo apt update && sudo apt install certbot python3-certbot-apache

Step 2: SSL certificate generate and install

After installing Certbot we have to generate an SSL certificate for our domain. Let’s take an example domain name “installssl.com.

Certbot is preconfigured with Apache, it will automate the installation.

$ sudo certbot --apache -d installssl.com -d www.installssl.com

This runs certbot with the –apache plugin, using -d to specify the names you’d like the certificate to be valid for.

Now Certbot will ask how you’d like to configure your HTTPS settings

Output
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
-------------------------------------------------------------------------------
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):

Select your choices and hit enter, your certificate should be installed now. It will show a success message.

Output
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/installssl.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/www.installssl.com/privkey.pem
   Your cert will expire on 2018-07-23. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Browse your domain name with https:// on the browser, your domain will load with SSL.

Step 3: Check Let’s Encrypt Certificate Renewal

Certbot will renew the certificate, as the Let’s Encrypt SSL certificate is generate only for 3 month, so every 3 month after, Certbot will renew the certificate automatically. To ensure everything is just fine with auto renewal, we have to run following command.

$ sudo systemctl status certbot.timer

Output will be

Output
● certbot.timer - Run certbot twice daily
     Loaded: loaded (/lib/systemd/system/certbot.timer; enabled; vendor preset: enabled)
     Active: active (waiting) since Tue 2021-04-03 19:37:23 UTC; 15h ago
    Trigger: Fri 2021-04-24 23:50:31 UTC; 12h left
   Triggers: ● certbot.service

Apr 03 19:37:23 fine-turtle systemd[1]: Started Run certbot twice daily.

To test the renewal system, you can try dry run with certbot

$ sudo certbot renew --dry-run

If there is no error message, you are done with installation.

Step 4: Test SSL

You can check your SSL installation on SSL Lab with your domain name.

SSL install on Ubuntu

Conclusion

In this tutorial, you learned about Let’s Encrypt SSL installation on Ubuntu, if you have any questions please comment below, I will try to answer all your question.

LEAVE A REPLY

Please enter your comment!
Please enter your name here