In this quick guide, we will show you how to set up Let’s Encrypt with Certbot on Ubuntu 20.04 and older. The instructions here will also apply to Debian systems.
Let’s Encrypt is a free, automated, and open certificate authority managed by the nonprofit Internet Security Research Group (ISRG).
It provides X.509 certificates for Transport Layer Security encryption at no charge. Let’s Encrypt certificates are valid for 90 days, after which they are due for renewal.
Certbot, on the other hand, is a command-line utility for managing Let’s Encrypt SSL certificates on a Linux system. Certbot allows you to request a new SSL certificate and automatically handles the authorization and the configuration of your web server. It also facilitates the manual or automatic renewal of certificates issued by the Let’s Encrypt certificate authority.
Steps to set up Let’s Encrypt
For this process to succeed, you must have a valid domain name pointed to your server by DNS, as well as an active web server. The most common are the Apache web server and Nginx, but any other web server will do.
Step 1 – Install Certbot
$ sudo apt install certbot
On Ubuntu 20.04 you have the option of using the snap package manager that comes with the distro by default as follows:
$ sudo snap install --classic certbot
Step 2 – Generate SSL Certificate
You can now use Certbot to request the SSL certificate from Let’s Encrypt for your web server as follows.
1. Apache:
$ sudo certbot --apache
2. Nginx:
$ sudo certbot --nginx
The above commands will list all the domains and sub-domains that are active on your server as virtual hosts. They will be listed numerically. Follow the on-screen instructions and select the number that corresponds to the domains/sub-domains you want the certificate to be valid for.
Certbot will then proceed to configure the server appropriately.
3. Other Web Servers: On a system running a web server other than Apache or Nginx, you can obtain the certificate only, but you will have to configure it manually. This method can also be used for Apache and Nginx with the certonly option. You would want to use this option if you have a custom setup on your server for Apache or Nginx.
$ sudo certbot certonly --webroot
# For manual Apache: sudo certbot certonly --apache
# For manual Nginx: sudo certbot certonly --nginx
Running the above command is similar to the automatic configuration process, except that this time Certbot will create the certificate and print the path where it has been stored on your file system. Make a note of the file location, which you will later use in your web server configuration.
4. No Web Server: You can also set up Let’s Encrypt even if you don’t have a web server, using the command below. It will ask you for the domain name, then start a temporary web server on port 80 to complete the verification and issue the certificate.
$ sudo certbot certonly --standalone
In all the above cases, the server must be accessible over the Internet through the domain. During the verification, a /.well-known/acme-challenge folder will be added.
Step 3 – Test SSL
Once the SSL certificate is installed on the web server, you can test it by visiting https://yourdomain.com/ in a web browser and looking for the SSL lock icon in the address bar. You can also run a security scan of the SSL setup at https://www.ssllabs.com/ssltest/, which will do a comprehensive audit of your Let’s Encrypt certificate. This is recommended especially if you set up your certificate manually, as in the Other Web Servers setup above.
How to Renew Let’s Encrypt SSL Certificate
Let’s Encrypt certificates are issued for 3 months only. Usually, with Certbot the certificates will auto-renew, so you will not have to do anything going forward. In cases where you need to renew them yourself, such as when you used the manual options for your setup, Certbot provides a way to renew the SSL certificate manually.
With Let’s Encrypt you can renew your certificate anytime within 30 days of expiry. You can do so by running the following command:
$ sudo certbot renew
This command will renew any certificates on your Linux system that are within 30 days of expiry.
You can also do a mock renewal just to make sure all is well before doing the actual renewal by running the following command:
$ sudo certbot renew --dry-run
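To see where a certificate stands relative to the 30-day renewal window described above, the following added example (not part of the original guide or of Certbot) classifies a PEM file with openssl. The function names and the throwaway self-signed sample certificates are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a PEM certificate against the 30-day renewal window.
RENEW_WINDOW_DAYS=30

# cert_status FILE [DAYS] -> prints one of: unreadable, invalid, expired, renew, ok
cert_status() {
    cert=$1
    window=$(( ${2:-$RENEW_WINDOW_DAYS} * 86400 ))   # -checkend takes seconds
    [ -r "$cert" ] || { echo unreadable; return 0; }
    # Reject files that do not parse as X.509; otherwise -checkend would
    # report them as expiring and hide the real problem.
    openssl x509 -noout -in "$cert" >/dev/null 2>&1 || { echo invalid; return 0; }
    if ! openssl x509 -checkend 0 -noout -in "$cert" >/dev/null 2>&1; then
        echo expired          # notAfter is already in the past
    elif ! openssl x509 -checkend "$window" -noout -in "$cert" >/dev/null 2>&1; then
        echo renew            # expires inside the renewal window
    else
        echo ok               # more than DAYS of validity left
    fi
}

# Constructed sample input: self-signed certificates, not Let's Encrypt ones.
make_sample_cert() {   # make_sample_cert OUTFILE DAYS
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" \
        -out "$1" -days "$2" -subj "/CN=example.test" >/dev/null 2>&1
}

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
make_sample_cert "$demo_dir/fresh.pem" 90   # same lifetime as a newly issued certificate
make_sample_cert "$demo_dir/aging.pem" 10   # inside the 30-day window
for f in "$demo_dir/fresh.pem" "$demo_dir/aging.pem"; do
    printf '%s: %s\n' "${f##*/}" "$(cert_status "$f")"
done
```

On a real host, pass the certificate path that Certbot printed when it issued the certificate instead of the sample files.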
Conclusion
That’s all! You should now be able to install Certbot on your Ubuntu 20.04 or older systems as well as set up Let’s Encrypt SSL certificates as needed.