Free HTTPS with letsencrypt on Ubuntu 16.04

share on:
LetsEncrypt install on ubuntu 16.04

Let’s Encrypt is a free, automated, and open certificate authority brought to you by the non-profit Internet Security Research Group (ISRG).

Let’s Encrypt is a good option for enabling HTTPS on blogs or small websites. Let’s Encrypt can generate TLS/SSL certificate for any domain, subdomain without any cost and use on your server. It also provides an option to auto renew TLS/SSL certificates.

In this tutorial we will know how to install Let’s Encrypt certificate on Ubuntu 16.04 server for domains.

Follow this link to Install LAMP on Ubuntu 16.04.

Step 1: Install Git and clone the Let’s encrypt to /opt.

shell> apt-get install git
shell> git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt

 

Step 2: Generating a Let’s Encrypt SSL certificate.

Let’s Encrypt works by verifying your domain through the client. Let’s Encrypt will setup a ‘hidden’ web server to verify your domain points to your cloud server. Your SSL certificate will automatically be generated using the command:

shell> ./letsencrypt-auto --apache -d debyum.com

 

Creating an SSL certificate for multiple domains is very easy. We can use the -d switch to add as many domains as we want. We can issue certificates containing up to 2,000 unique sub-domains per week.

shell> ./letsencrypt-auto --apache -d abc.domain -d xyz.domain
shell> ./letsencrypt-auto --apache -d abc.domain -d xyz.domain -d mno.domain

 

You can also generate a Let’s Encrypt TLS/SSL certificate for your www.subdomains as follows:

shell> ./letsencrypt-auto --apache -d yourubuntuserver.example -d mysslcertificate.example -d anotherwebsite.example -d www.yourubuntuserver.example -d www.mysslcertificate.example -d www.anotherwebsite.example

 

Step 3: Forcing SSL

After generating SSL certificates, you will be able to increase the security of your website by forcing your websites to redirect to the SSL-protected version of your website.

 

Add the following lines to the .htaccess files of your websites:

RewriteEngine On 
RewriteCond % 80 
RewriteRule ^(.*)$ https://yourubuntuserver.example/$1 [R,L]

 

If you’d rather redirect to the www.subdomain.com with Let’s Encrypt:

RewriteEngine On 
RewriteCond % 80 
RewriteRule ^(.*)$ https://www.yourubuntuserver.example/$1 [R,L]

 

Step 4: Automatically renewing Let’s Encrypt certificates

Let’s Encrypt certificates are  valid only for 90 days by default. Let’s Encrypt provides a utility to automatically attempt to renew all certificates at a time your choice by setting up a cron job.

The automation of this process is done using a cron job.

crontab -e

 

Append the following cronnjob to the bottom of the file:

21 1 * * 1 /opt/letsencrypt/letsencrypt-auto renew >> /var/log/le-renew.log

 

The cron job we have just created will renew an TLS/SSL certificate every Monday at 1:21 A.M. By running the following script: /opt/letsencrypt/letsencrypt-auto renew.

 

Source: Ubuntu Xenial Letsencrypt/Certbot install with Apache

share on:
engy

engy

Hello there, My name is Rishi Guleria and I work as a Linux system administrator. I have created this blog to share what I have learned so far and to learn new things. Good Day. :)

Leave a Response

share on: