Installing a Let’s Encrypt TLS/SSL (Transport Layer Security or Secure Sockets Layer) certificate is one of the most important steps in securing your Ubuntu 18.04 server. It is especially valuable if your website handles sensitive customer information, because the certificate enables encrypted connections.
Let’s Encrypt is a free, automated, and open certificate authority, so you can install its TLS/SSL certificates on your server without paying a single cent. It is run by the non-profit Internet Security Research Group (ISRG).
TLS/SSL works by encrypting connections between your server and the visitor’s browser and is the most trusted technology for securing internet traffic.
In this tutorial, we are going to show you how to install a Let’s Encrypt certificate on your Ubuntu 18.04 machine running the Apache web server.
Prerequisites
- An Ubuntu 18.04 VPS plan
- Apache Web server
- A non-root user with sudo privileges
- A domain name pointing to your Ubuntu 18.04 server (Please refer to your VPS provider guide on pointing your domain name records to their name servers)
Step 1: Install the Let’s Encrypt Certbot Client
Before you can obtain the SSL/TLS certificate, you need to install client software on your server. Let’s Encrypt certificates are obtained with a free application called Certbot, which is packaged in a repository for Ubuntu.
The software is actively developed, so updates to the package are released regularly.
To begin, add the repository to your Ubuntu server by running the command below:
$ sudo add-apt-repository ppa:certbot/certbot
Press Enter when prompted to continue.
Then, run the command below to update the package list so that it picks up the packages from the newly added repository:
$ sudo apt-get update
Once the package list is updated, run the command below to install the Certbot client:
$ sudo apt-get install python-certbot-apache
The Certbot client is now ready to use.
Step 2: Install the Let’s Encrypt SSL certificate on the server
Certbot makes SSL/TLS certificate installation very simple. It takes a list of one or more domain names as parameters and automatically obtains a new SSL certificate from Let’s Encrypt.
To obtain a certificate for a single domain, run the command below:
$ sudo certbot --apache -d example.com
Remember to replace example.com with your own domain name, and make sure the DNS records at your domain registrar already point to the server.
Sometimes, you may want to install a single certificate that serves multiple domains or sub-domains. Certbot allows you to do this in a straightforward manner.
For instance, to install a Let’s Encrypt SSL certificate for the domain example.com and its alias www.example.com, run the command below:
$ sudo certbot --apache -d example.com -d www.example.com
It’s advisable to list the base domain first, followed by additional aliases or sub-domains.
Generating Let’s Encrypt SSL certificates for multiple virtual hosts
Although Certbot can take multiple domains as parameters, you should run the command separately for every virtual host that you have on your Ubuntu 18.04 server. For instance, if you have virtual hosts for www.example.com and www.example.net, run the following two commands one after the other:
$ sudo certbot --apache -d example.com -d www.example.com
$ sudo certbot --apache -d example.net -d www.example.net
Customizing the certificate options
Certbot provides several ways to customize the installation of a Let’s Encrypt SSL certificate. For instance, you will be prompted to enter an email address to be used for urgent renewal and security notices. You can also choose whether you want to redirect all non-secure traffic (HTTP) to HTTPS.
All generated SSL certificates are stored in the /etc/letsencrypt/live directory. Also, to verify if an SSL certificate has been installed for a particular domain, visit the URL below replacing example.com with your domain:
https://www.ssllabs.com/ssltest/analyze.html?d=example.com&latest
You will see a full SSL report for the website including the common name, validity and signature algorithms used.
Step 3: Auto renewing SSL certificates
Let’s Encrypt certificates are valid for 90 days only. Luckily, the Certbot package renews the certificates automatically. You can run a dry-run test with the command below to verify that it is working:
$ sudo certbot renew --dry-run
If there are no errors, Certbot is all set. When Certbot renews a certificate, it automatically reloads Apache to pick up the new changes.
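The dry run only tests the renewal path, so it is worth checking the certificates on disk as well. The function below is an added example, not part of the original tutorial or of Certbot: it reports any certificate under /etc/letsencrypt/live that expires within a threshold. The name check_cert_expiry, the 30-day default and the per-certificate cert.pem layout are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the tutorial or from Certbot): flag certificates in a
# Certbot "live" directory that expire within DAYS days.
# Assumed layout: LIVE_DIR/<certificate name>/cert.pem, as Certbot creates it.
# check_cert_expiry is a hypothetical helper name; 30 days is an assumed default.
#
# Exit status: 0 = all certificates valid beyond DAYS
#              1 = at least one certificate is expiring or unreadable
#              2 = no certificates found
check_cert_expiry() (
    # The body runs in a subshell, so variables stay local and "exit" only
    # sets the function's return status.
    live_dir="${1:-/etc/letsencrypt/live}"
    days="${2:-30}"
    seconds=$((days * 86400))
    found=0
    status=0

    for cert in "$live_dir"/*/cert.pem; do
        [ -e "$cert" ] || continue      # glob matched nothing
        found=1
        name="$(basename "$(dirname "$cert")")"

        if ! not_after="$(openssl x509 -in "$cert" -noout -enddate 2>/dev/null)"; then
            echo "ERROR    $name: cannot parse $cert"
            status=1
            continue
        fi
        not_after="${not_after#notAfter=}"

        # -checkend N exits non-zero when the certificate expires within N seconds.
        if openssl x509 -in "$cert" -noout -checkend "$seconds" >/dev/null 2>&1; then
            echo "OK       $name: expires $not_after"
        else
            echo "EXPIRING $name: expires $not_after (within $days days)"
            status=1
        fi
    done

    if [ "$found" -eq 0 ]; then
        echo "No certificates found in $live_dir"
        exit 2
    fi
    exit "$status"
)

# Usage (root is needed to read /etc/letsencrypt/live):
#   check_cert_expiry /etc/letsencrypt/live 30
```

With automatic renewal working, a 90-day certificate should never come within 30 days of expiry, so an EXPIRING line means renewal has been failing and needs attention.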
Conclusion
You have seen how to install a Let’s Encrypt certificate for your domain on an Ubuntu 18.04 VPS running the Apache web server. If you have followed the guide, everything will work as expected and your certificates will be renewed without any problems.