How to set up a Let’s Encrypt SSL certificate for a website hosted on an Apache web server

Let’s Encrypt is a certificate authority that provides free SSL/TLS certificates, which are verified and signed immediately and can be used to protect your website. Each certificate is valid for 90 days, but you can easily set up a task to handle renewals automatically.

This tutorial has been tested on the following Linux distributions:

Debian Linux 9 (Stretch)
Debian Linux 8 (Jessie)

Last updated:
March 26, 2018

We will use certbot for authentication and deployment, so the first step is to install certbot.

1. Add jessie backports apt repository (not needed when running Debian Linux 9)

echo "deb jessie-backports main" >> /etc/apt/sources.list
apt-get update

2. Install certbot

For Debian Linux 9 (Stretch), use the following command:

apt-get install python-certbot-apache

For Debian Linux 8 (Jessie), use the following command:

apt-get install -t jessie-backports python-certbot-apache

3. Now that we have certbot installed, let’s request a certificate

certbot --authenticator webroot --installer apache

You will get a list of available hosts that the Apache web server is currently serving as follows:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Which names would you like to activate HTTPS for?
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):

Type a comma-separated list of hosts that should be included in the certificate, for example: 1,2.

4. Select the webroot for each selected host. The webroot is the base directory of the website and is required for the verification process. Domains may share a webroot or each have a different one.

After verifying the webroot directory, certbot will automatically request a certificate and create the key and certificate files on the server.

5. In the next step, you will be asked whether HTTPS should be required. If it is, certbot will configure Apache to redirect HTTP requests for the site to HTTPS. Choose whatever fits your needs here.

6. Now you can access the host via https, such as ex.

7. The certificate will expire in 90 days. You can renew it manually using the same certbot command, but it is better to add a cron job that handles renewal automatically.

Open crontab with your favorite text editor:

crontab -e

And add the following line at the end of the file:

30 2 * * 1 /usr/bin/certbot renew >> /var/log/le-renew.log
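A cron job that fails does so quietly unless someone reads the log, so it helps to check the certificate's expiry date independently. The script below is an added example, not part of the original tutorial: it classifies the `notAfter` line printed by `openssl x509 -enddate -noout`. It assumes GNU date (as on Debian) and certbot's default of renewing once fewer than 30 days remain; the function names, the two days of slack and the sample line are constructed for illustration.

```shell
#!/bin/sh
# Added example: detect a renewal cron job that has stopped working.

RENEW_WINDOW_DAYS=30   # assumption: certbot's default renewal window
CRON_INTERVAL_DAYS=7   # the weekly crontab entry from step 7
# With a weekly job, a healthy certificate is renewed before it drops below
# window - interval days; allow 2 more days of slack for a retried run.
OVERDUE_BELOW_DAYS=$(( RENEW_WINDOW_DAYS - CRON_INTERVAL_DAYS - 2 ))

# secs_left NOTAFTER_LINE [NOW_EPOCH]
# Prints seconds until expiry; fails if the date cannot be parsed.
secs_left() {
    end=${1#notAfter=}                                  # strip the prefix
    end_epoch=$(date -u -d "$end" +%s 2>/dev/null) || return 1
    echo $(( end_epoch - ${2:-$(date -u +%s)} ))
}

# renewal_status NOTAFTER_LINE [NOW_EPOCH]
# Prints OK, OVERDUE, EXPIRED or UNPARSEABLE; returns 0, 1, 2 or 3.
renewal_status() {
    secs=$(secs_left "$@") || { echo UNPARSEABLE; return 3; }
    if [ "$secs" -le 0 ]; then
        echo EXPIRED; return 2
    fi
    if [ "$secs" -lt $(( OVERDUE_BELOW_DAYS * 86400 )) ]; then
        echo OVERDUE; return 1
    fi
    echo OK
}

# Constructed sample: a certificate issued on 26 March 2018 expires 90 days
# later. On a real host, pass the output of:
#   openssl x509 -enddate -noout -in /etc/letsencrypt/live/<your-domain>/cert.pem
SAMPLE='notAfter=Jun 24 02:30:00 2018 GMT'

# Fixed "now" values keep the demonstration reproducible.
renewal_status "$SAMPLE" "$(date -u -d '2018-04-10' +%s)" || true
renewal_status "$SAMPLE" "$(date -u -d '2018-06-10' +%s)" || true
```

Run from its own cron entry or a monitoring agent, a non-zero exit status signals that the renewal job needs attention before visitors see an expired certificate.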

That’s it. Your website is now served over HTTPS and the certificate will be renewed automatically.
