@bobnoordam

Creating your first Let’s Encrypt certificate on Linux

I still see system administrators hold off on SSL because they are afraid of the process of creating certificate requests, getting the certificates and then integrating them into Apache. This writeup shows how to install an SSL certificate using Certbot, a handy tool provided by Let’s Encrypt that takes all the manual work out of the process. Certbot will create the request, get the certificate, install the certificate and also configure your webserver with the needed redirects, all in one go. While I believe it is useful to understand the underlying process, this is by no means mandatory, and Certbot will give you an extremely easy entry into the world of SSL.

Visit the Certbot site and select the webserver and operating system software you are using, in this case “Apache” on “Ubuntu 18.04 Bionic”. Certbot will tell you what you need to install on your system to get it up and running. In our case:

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository universe
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install certbot python-certbot-apache

Note that all of this is only needed the first time, to bring the required tools onto your system. For subsequent certificates you only need the single step below.
Next, we will run Certbot to start the process of obtaining and installing a certificate.

$ sudo certbot --apache
  • Configure the email address to send renewal notices to.
  • Agree to the terms of service used by Let’s Encrypt.
  • Optional: Sign up to the EFF mailing list.
  • The certificate bot will now list the sites found on your system. Select the site you want to enable SSL for from the list.
  • Now you get the option to automatically redirect traffic to the SSL site. Unless you have specific reasons not to, enable automatic redirection (option 2).
  • As a last step, you can verify the certificate and communication through https://www.ssllabs.com/ssltest/analyze.html?d=your.domain.here
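
A local check to complement the SSL Labs test, added here as an example and not part of the original writeup: it confirms that plain HTTP now redirects to HTTPS and reports how many days the served certificate has left. The function names and the 30-day threshold are assumptions of this example, and it assumes GNU date (as on Ubuntu), curl and openssl.

```shell
#!/bin/sh
# Added example: post-install check for a site set up with `certbot --apache`.
# Assumes GNU date (as on Ubuntu), curl and openssl are installed.

# Reads the output of `curl -sI http://site/` on stdin. Succeeds only when the
# response is a 301/302/307/308 whose Location header is an https:// URL.
redirects_to_https() {
    tr -d '\r' | awk '
        NR == 1                    { code = $2 }
        tolower($1) == "location:" { loc = $2 }
        END { exit !(code ~ /^30[1278]$/ && loc ~ /^https:\/\//) }'
}

# $1: the "notAfter=..." line printed by `openssl x509 -noout -enddate`
# $2: current time in epoch seconds. Prints whole days until expiry.
cert_days_left() {
    end=$(date -u -d "${1#notAfter=}" +%s) || return 2
    echo $(( (end - $2) / 86400 ))
}

check_site() {   # $1: domain name
    rc=0
    if curl -sI "http://$1/" | redirects_to_https; then
        echo "OK   http://$1/ redirects to HTTPS"
    else
        echo "FAIL http://$1/ does not redirect to HTTPS"; rc=1
    fi
    enddate=$(echo | openssl s_client -connect "$1:443" -servername "$1" 2>/dev/null |
              openssl x509 -noout -enddate) || { echo "FAIL no certificate served"; return 1; }
    days=$(cert_days_left "$enddate" "$(date +%s)") || return 1
    # 30 days is this example's warning threshold, not a value from the writeup.
    if [ "$days" -gt 30 ]; then
        echo "OK   certificate valid for $days more days"
    else
        echo "WARN certificate expires in $days days; test renewal with: sudo certbot renew --dry-run"
        rc=1
    fi
    return $rc
}

# Contacts a site only when a domain is given: ./check.sh your.domain.here
if [ -n "${1:-}" ]; then check_site "$1"; fi
```
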

That’s it. It doesn’t get any easier than that, does it 🙂?

This information is compiled on Ubuntu Server 18.04.1 LTS