This guide shows how to install cerbot package and with it activate Let’s Encrypt certificate on Virtual Server (VPS). In the case of garanty of SSL certificate or need to edit CSR visit our SSL certificates offers.
Requirements
For successful installation of the SSL certificate following this guide you need to first fulfill following criteria:
- VPS with operating system Ubuntu 12.04, Ubuntu 14.04, Ubuntu 16.04 or Ubuntu 18.04
- Web server Apache
- Admin rights to the server (root or sudo)
Before the installation of the SSL certificate we would recommend to create a snapshot of your VPS.
Installation of the certbot package
Let’s Encrypt certificates are usually uploaded to the server via packages. Official package is Certbot – which is regularly updated and fully supported on the operating system Ubuntu.
First step is to add a repository package cerbot, that you confirm by pressing ENTER:
sudo add-apt-repository ppa:certbot/certbotThen it is necessary to update repository via command:
sudo apt-get updateLast step is installation of certbot package for the webserver Apache, with a command:
sudo apt-get install python-certbot-apacheIf the installation finishes without any error messages, the Certbot package is ready.
Obtaining SSL certificate
Certbot will generate the SSL certificate for you. Process of the generating consists of:
- domain verification (it is necessary to have the DNS A record directed to the VPS)
- registration of e-mail (optional, you can skip this option)
- issuing the certificate
To obtain certificates for the domain e.g. example.com you can use following command:
certbot --apache -d example.com
Or a command without e-mail registration (note. option –register-unsafely-without-email is possible to use even for multiple domains):
certbot --apache -d example.com --register-unsafely-without-email
At the end of the process you can choose, whether you want Certbot to automatically redirect your domain to https:// (option 1) or keep current settings (option 2). Then the certificate is generated.
In a case of generating certificate for subdomains you can use following command but only along with a second level domain (in this case example.com):
certbot --apache -d example.com -d www.example.com -d subdomain.example.com
After successful installation the certificates are stored in the directory /etc/letsencrypt/live
To check the SSL certificate you can use a website: https://www.sslshopper.com/ssl-checker.html
We would also recommend to test your website via https:// protocol (open https://example.com in your browser).
Automatic renewal of the certificate
Duration of all Let’s Encrypt certificate is 90 days. After this time it is necessary to renew the certificate. Certbot package renews the certificate automatically via a CRON task in the directory /etc/cron.d, that renews all certificates with duration lesser than 30 days.
In a case of manual renew you can check the functioning with command:
sudo certbot renew --dry-runIf the outcome is without issues, you can use the command without parameters –dry-run.