Let’s Encrypt is a free, automated, and open certificate authority brought to you by the non-profit Internet Security Research Group (ISRG).
Let’s Encrypt is a good option for enabling HTTPS on blogs or small websites. It can issue a TLS/SSL certificate for any domain or subdomain at no cost for use on your server, and it also provides an option to renew certificates automatically.
In this tutorial we will learn how to install a Let’s Encrypt certificate on an Ubuntu 16.04 server for your domains.
Follow this link to Install LAMP on Ubuntu 16.04.
Step 1: Install Git and clone the Let’s Encrypt client to /opt.
shell> apt-get install git
shell> git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
Step 2: Generating a Let’s Encrypt SSL certificate.
Let’s Encrypt works by verifying your domain through the client. Let’s Encrypt will set up a ‘hidden’ web server to verify that your domain points to your cloud server. Your SSL certificate will then be generated automatically using the command:
shell> cd /opt/letsencrypt
shell> ./letsencrypt-auto --apache -d www.debyum.com
Creating an SSL certificate for multiple domains is just as easy: repeat the -d switch for each domain we want to add. We can issue certificates containing up to 2,000 unique sub-domains per week.
shell> ./letsencrypt-auto --apache -d abc.domain -d xyz.domain
shell> ./letsencrypt-auto --apache -d abc.domain -d xyz.domain -d mno.domain
You can also generate a Let’s Encrypt TLS/SSL certificate that covers the www subdomains as follows:
shell> ./letsencrypt-auto --apache -d yourubuntuserver.example -d mysslcertificate.example -d anotherwebsite.example -d www.yourubuntuserver.example -d www.mysslcertificate.example -d www.anotherwebsite.example
Step 3: Forcing SSL
After generating the SSL certificates, you can increase the security of your websites by forcing them to redirect to the SSL-protected version.
Add the following lines to the .htaccess files of your websites:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://yourubuntuserver.example/$1 [R,L]
If you’d rather redirect to the www subdomain:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yourubuntuserver.example/$1 [R,L]
Step 4: Automatically renewing Let’s Encrypt certificates
Let’s Encrypt certificates are valid for only 90 days by default. Let’s Encrypt provides a utility that attempts to renew all certificates, and you can run it automatically at a time of your choice by setting up a cron job.
Open the crontab for editing:
shell> crontab -e
Append the following cron job to the bottom of the file:
21 1 * * 1 /opt/letsencrypt/letsencrypt-auto renew >> /var/log/le-renew.log
The cron job we have just created runs /opt/letsencrypt/letsencrypt-auto renew every Monday at 1:21 A.M. to renew the TLS/SSL certificates.
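A weekly renew job can fail quietly until the 90-day certificate expires, so it is worth checking the remaining lifetime independently of the cron log. The script below is an added example, not part of the original tutorial: it reads a certificate's expiry date with openssl and flags it when fewer days remain than a healthy weekly schedule would leave. It assumes GNU date, that the client renews once fewer than 30 days remain, and that the certificate's PEM file path is passed as an argument; the function names are illustrative.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Assumes GNU date and openssl.
RENEW_WINDOW_DAYS=30   # assumption: the client renews once < 30 days remain
CRON_INTERVAL_DAYS=7   # the weekly schedule from Step 4
MIN_DAYS=$(( $RENEW_WINDOW_DAYS - $CRON_INTERVAL_DAYS ))   # 23

# days_left NOT_AFTER NOW_EPOCH: whole days until expiry, negative once expired.
# NOT_AFTER has the form openssl prints, e.g. (constructed) "Jun 30 00:00:00 2025 GMT".
days_left() {
    exp=$(date -u -d "$1" +%s) || return 2
    secs=$(( $exp - $2 ))
    # Shell division truncates toward zero; shift negatives so -0.5 day gives -1.
    if [ "$secs" -lt 0 ]; then secs=$(( $secs - 86399 )); fi
    echo $(( $secs / 86400 ))
}

# classify DAYS: EXPIRED, RENEWAL_OVERDUE (a weekly run was missed), or OK.
classify() {
    if [ "$1" -lt 0 ]; then echo EXPIRED
    elif [ "$1" -lt "$MIN_DAYS" ]; then echo RENEWAL_OVERDUE
    else echo OK
    fi
}

# check_cert PEM_FILE: print "file days status" for one certificate.
check_cert() {
    out=$(openssl x509 -noout -enddate -in "$1" 2>/dev/null) || return 2
    days=$(days_left "${out#notAfter=}" "$(date +%s)") || return 2
    echo "$1 $days $(classify "$days")"
}

# main PEM_FILE...: return 0 only if every certificate is OK.
main() {
    rc=0
    for pem in "$@"; do
        if line=$(check_cert "$pem"); then
            echo "$line"
            case $line in *" OK") ;; *) rc=1 ;; esac
        else
            echo "$pem: cannot read certificate" >&2; rc=2
        fi
    done
    return $rc
}

if [ $# -gt 0 ]; then main "$@"; fi
```

Run it with the certificate's PEM file as the argument; a non-zero exit status means at least one certificate is overdue for renewal, expired, or unreadable.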
Source: Ubuntu Xenial Letsencrypt/Certbot install with Apache