How to install Let’s Encrypt on Apache2

How-to-install-lets-Encrypt-free-SSL-on-Apache2

In this tutorial we are going to show you, with step-by-step instructions on how to install Let’s Encrypt with Apache on Ubuntu.

Let’s Encrypt is an open SSL Certificate Authority (CA) that offers free domain-validated (DV) certificates for your websites. SSL Certificates are used to establish a secure encrypted connection between a web server and a user’s web browser. The SSL certificates that have been issued by Let’s Encrypt are valid for 90 days and are trusted by most web browsers today.

1. Requirements

In order to start with the installation procedure, you need to have Apache or Nginx installed on your server. If there is no web server installed on your virtual server, please follow this tutorial to install Apache.

Also, you need a registered domain name with its A record pointing to your server’s IP address. For the purposes of this tutorial, we will use ‘yourdomain.com’.

2. Install CertBot

Run the following commands:

sudo apt-get install software-properties-common python-software-properties
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-apache

3. Install Let’s Encrypt SSL

Install Let’s Encrypt SSL certificate on your domain (do not forget to replace ‘yourdomain.com’ with your actual domain):

sudo certbot --apache -d yourdomain.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): admin@yourdomain.com

Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v01.api.letsencrypt.org/directory
(A)gree/(C)ancel: A

Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about EFF and
our work to encrypt the web, protect its users and defend digital rights.
(Y)es/(N)o: N
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for linuxhostsupport.com
Waiting for verification…
Cleaning up challenges
Created an SSL vhost at /etc/apache2/sites-available/000-default-le-ssl.conf
Deploying Certificate for yourdomain.com to VirtualHost /etc/apache2/sites-available/000-default-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/000-default-le-ssl.conf

4. Redirect HTTP traffic to HTTPS

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Redirecting vhost in /etc/apache2/sites-enabled/000-default.conf to ssl vhost in /etc/apache2/sites-available/000-default-le-ssl.conf

Congratulations! You have successfully enabled https://yourdomain.com

5. Renew the SSL certificate with a cron job

Create a cron job so the SSL certificate is renewed automatically. Run:

crontab -e

and add the following line:

0 0 1 * * /usr/bin/letsencrypt renew >> /var/log/letsencrypt-renew.log

Save and close that file and restart cron service for the changes to take effect:

service cron restart

Open https://yourdomain.com in your favorite web browser, and check whether Let’s Encrypt SSL is installed properly:

That is it. Let’s Encrypt SSL certificate has been successfully installed on your website.