To make the web more secure, you need SSL on every website. SSL stands for Secure Socket Layer, the technology behind SSL certificates is to secure the communication between clients and servers. Moreover, Google started to use HTTPS as a ranking signal. In this article, I will share step by step guide to install Let’s Encrypt SSL on Ubuntu 20.04 with auto-renewal.
Page Contents
Install Let’s Encrypt SSL on Ubuntu 20.04 with Auto-Renewal
Server Requirements
- One Ubuntu 20.04 server setup with non root user with firewall.
- A registered domain name, you can purchase from Namecheap or domain.com
- DNS mapped with domain for both A record and canonical
- Apache has to be installed, follow the article How to install LAMP on Ubuntu 20.04
Step by Step Guide to Install Let’s Encrypt SSL with auto renewal
Step 1: Install Let’s Encrypt client – Certbot
Before installing SSL, let’s update all the Ubuntu packages with Certbot download
$ sudo apt update && sudo apt install certbot python3-certbot-apacheStep 2: SSL certificate generate and install
After installing Certbot we have to generate an SSL certificate for our domain. Let’s take an example domain name “installssl.com“.
Certbot is preconfigured with Apache, it will automate the installation.
$ sudo certbot --apache -d installssl.com -d www.installssl.comThis runs certbot with the –apache plugin, using -d to specify the names you’d like the certificate to be valid for.
Now Certbot will ask how you’d like to configure your HTTPS settings
Output
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
-------------------------------------------------------------------------------
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):Select your choices and hit enter, your certificate should be installed now. It will show a success message.
Output
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/installssl.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/www.installssl.com/privkey.pem
Your cert will expire on 2018-07-23. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-leBrowse your domain name with https:// on the browser, your domain will load with SSL.
Step 3: Check Let’s Encrypt Certificate Renewal
Certbot will renew the certificate, as the Let’s Encrypt SSL certificate is generate only for 3 month, so every 3 month after, Certbot will renew the certificate automatically. To ensure everything is just fine with auto renewal, we have to run following command.
$ sudo systemctl status certbot.timerOutput will be
Output
● certbot.timer - Run certbot twice daily
Loaded: loaded (/lib/systemd/system/certbot.timer; enabled; vendor preset: enabled)
Active: active (waiting) since Tue 2021-04-03 19:37:23 UTC; 15h ago
Trigger: Fri 2021-04-24 23:50:31 UTC; 12h left
Triggers: ● certbot.service
Apr 03 19:37:23 fine-turtle systemd[1]: Started Run certbot twice daily.To test the renewal system, you can try dry run with certbot
$ sudo certbot renew --dry-runIf there is no error message, you are done with installation.
Step 4: Test SSL
You can check your SSL installation on SSL Lab with your domain name.
Conclusion
In this tutorial, you learned about Let’s Encrypt SSL installation on Ubuntu, if you have any questions please comment below, I will try to answer all your question.
