Lets-encrypt provide free and trusted ssl certificates  by many browsers, it has many ways to generate the certificates, mostly use the browser option to create accounts on their website, generate certificates according to the instructions provided on the web, this process is done every 90days as Letsencrypt provide the certificates for only 90days period where you have to regenerate again.

Here, we will use certbot command to generate certificate on our linux box server, we will also enable auto renewal of the certificate and no need for us to regenerate every 90days

sudo apt install certbot python3-certbot-apache

Then create the virtual file for your domain

sudo nano /etc/apache2/sites-available/your_domain.conf
<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    ServerName your_domain
    ServerAlias www.your_domain
    DocumentRoot /var/www/your_domain
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

Test apache configurations if they are ok

sudo apache2ctl configtest

If ok restart apache

sudo systemctl reload apache2

If not check the error and correct it

Now lets generate the certificate using the carbot we just installed from the beginning of this tutorial

sudo certbot --apache -d your_domain -d www.your_domain

This runs certbot with the --apache plugin, using -d to specify the names you’d like the certificate to be valid for.

If this is your first time running certbot, you will be prompted to enter an email address and agree to the terms of service. After doing so, certbot will communicate with the Let’s Encrypt server, then run a challenge to verify that you control the domain you’re requesting a certificate for.

If that’s successful, certbot will ask how you’d like to configure your HTTPS settings:

After finishing successfully, you need nothing to do extra but just to access your site on https to test if the configurations were done ok

you can use the below command to renew the certificate and if possible add it to cron so it checks and runs for automatic renewals

sudo certbot renew

Try a dry renewal to see if renewals is done successfully on the sport before certificate expires

sudo certbot renew --dry-run


Hope you enjoy the tutorial