Contact Us
Hatch Works, 14 Sir Baron Jayatilaka Mawatha, Colombo
[email protected]
CALL US 24/7:
+94 770 6500 99

How to use Let’s Encrypt 100% free certificates and Auto Renewal on Ubuntu

Note: Before you begin, make sure you have root or sudo privileges on your server.

Step 1: Install Certbot

Certbot is the recommended tool for obtaining and managing Let’s Encrypt certificates. Install it using the following command:

Install it using the following command:

bashCopy code

sudo apt-get update sudo apt-get install certbot python3-certbot-apache

Step 2: Obtain the Certificate

Assuming you’re using Apache as your web server, you can obtain a certificate and configure it for your domain using the following command:

bashCopy code

sudo certbot --apache

Certbot will ask you some questions and guide you through the process of selecting the domain(s) you want to secure. It will also configure Apache to use the SSL certificate.

Step 3: Test Auto-Renewal

Let’s Encrypt certificates are valid for 90 days. To ensure they get renewed automatically, you can use Certbot’s built-in renewal mechanism. Certbot creates a cron job that runs twice a day to check for expiring certificates.

To test the renewal process, you can run a dry run:

bashCopy code

sudo certbot renew --dry-run

This will simulate the renewal process and let you know if there are any issues.

Step 4: Verify Auto-Renewal

You can check if Certbot’s automatic renewal is working as expected by running:

bashCopy code

sudo systemctl status certbot.timer

If everything is set up correctly, you should see that the timer is active and will run periodically.

Step 5: Adjust Firewall Rules

If you have a firewall (e.g., UFW) enabled on your server, make sure to allow incoming traffic on port 80 and 443 for Let’s Encrypt validation and HTTPS:

bashCopy code

sudo ufw allow 80,443/tcp

Step 6: Set Up a Cron Job (Optional)

You can manually configure a cron job to renew certificates. Open the crontab configuration:

bashCopy code

sudo crontab -e

Add the following line to check for renewals daily:

javascriptCopy code

0 0 * * * /usr/bin/certbot renew --quiet

Save the file, and Certbot will attempt to renew certificates daily.

That’s it! You now have Let’s Encrypt SSL certificates set up on your Ubuntu server with automatic renewal. Your website should be secure, and you don’t have to worry about renewing the certificates manually.

Leave a Comment

Your email address will not be published. Required fields are marked *