Let’s Encrypt is Certificate Authority run by Internet Security Research Group that provides X.509 certificates for TLS encryption for free! It simplifies the process of enabling encrypted HTTP (HTTPS) on web servers.
To date, Let’s Encrypt has issued a billion certificates making roughly more than 80% of today’s page loads globally.
In this article, we’ll teach you how to obtain a free SSL certificate for Apache on a Ubuntu machine and set it up to renew automagically.
(1) First is we need to install Certbot using shell commands or your operating system’s software package management program. Certbot requires Python 2.6, 2.7 or 3.3+. If you are using a web-hosting services, it’s possible that Certbot is already installed in your system. But Certbot developers maintain a software repository, which we’ll use here. To use Certbot, you need to have root access.
To add the repository,
$ sudo add-apt-repository ppa:certbot/certbot
And then install the Apache package with this command
$ sudo apt install python-certbot-apache
(2) Once installed, you simply run the command in the shell
$ certbot –apache
To obtain an SSL certificate for your domain, you type
$ sudo certbot –apache -d your-domain.com -d www.your-domain.com
You’ll be prompted to enter your email address and agree to terms and conditions if this is the first time you run it. Once successful, certbot will ask you to configure your HTTP settings whether to redirect or not to redirect all traffic to secure HTTPS access.
Let’s encrypt certificates only last for 90 days, so it’s a good idea to renew your certificates automatically before they expire. To test and make sure renewal process works properly, we can run the command
$ sudo certbot renew –dry-run
If there are no errors, we’re good. And once that is established, we can put this command
$ sudo certbot renew
in a cron init tab.
For basic protection, that’s all we need to do. And if ever there’s an error with the auto renewal process, you’ll receive an email from Let’s encrypt warning you when your certificate is about to expire.
Securing your website with HTTPS isn’t just a good idea but a necessity. Google Chrome now marks HTTP payment and login pages and search pages as insecure if they’re not using HTTPS. And Google has given preference to secure websites when it’s crawling the web.
Fortunately for us, Let’s Encrypt makes it both free and easy to secure our websites.