Lets-encrypt provide free and trusted ssl certificates by many browsers, it has many ways to generate the certificates, mostly use the browser option to create accounts on their website, generate certificates according to the instructions provided on the web, this process is done every 90days as Letsencrypt provide the certificates for only 90days period where you have to regenerate again.
Here, we will use certbot command to generate certificate on our linux box server, we will also enable auto renewal of the certificate and no need for us to regenerate every 90days
sudo apt install certbot python3-certbot-apache
Then create the virtual file for your domain
sudo nano /etc/apache2/sites-available/your_domain.conf <VirtualHost *:80> ServerAdmin webmaster@localhost ServerName your_domain ServerAlias www.your_domain DocumentRoot /var/www/your_domain ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost>
Test apache configurations if they are ok
sudo apache2ctl configtest
If ok restart apache
sudo systemctl reload apache2
If not check the error and correct it
Now lets generate the certificate using the carbot we just installed from the beginning of this tutorial
sudo certbot --apache -d your_domain -d www.your_domain
This runs certbot
with the --apache
plugin, using -d
to specify the names you’d like the certificate to be valid for.
If this is your first time running certbot
, you will be prompted to enter an email address and agree to the terms of service. After doing so, certbot
will communicate with the Let’s Encrypt server, then run a challenge to verify that you control the domain you’re requesting a certificate for.
If that’s successful, certbot
will ask how you’d like to configure your HTTPS settings:
After finishing successfully, you need nothing to do extra but just to access your site on https to test if the configurations were done ok
you can use the below command to renew the certificate and if possible add it to cron so it checks and runs for automatic renewals
sudo certbot renew
Try a dry renewal to see if renewals is done successfully on the sport before certificate expires
sudo certbot renew --dry-run
Hope you enjoy the tutorial