Note: Before you begin, make sure you have root or sudo privileges on your server.
Step 1: Install Certbot
Certbot is the recommended tool for obtaining and managing Let’s Encrypt certificates. Install it using the following command:
Install it using the following command:
sudo apt-get update sudo apt-get install certbot python3-certbot-apache
Step 2: Obtain the Certificate
Assuming you’re using Apache as your web server, you can obtain a certificate and configure it for your domain using the following command:
sudo certbot --apache
Certbot will ask you some questions and guide you through the process of selecting the domain(s) you want to secure. It will also configure Apache to use the SSL certificate.
Step 3: Test Auto-Renewal
Let’s Encrypt certificates are valid for 90 days. To ensure they get renewed automatically, you can use Certbot’s built-in renewal mechanism. Certbot creates a cron job that runs twice a day to check for expiring certificates.
To test the renewal process, you can run a dry run:
sudo certbot renew --dry-run
This will simulate the renewal process and let you know if there are any issues.
Step 4: Verify Auto-Renewal
You can check if Certbot’s automatic renewal is working as expected by running:
sudo systemctl status certbot.timer
If everything is set up correctly, you should see that the timer is active and will run periodically.
Step 5: Adjust Firewall Rules
If you have a firewall (e.g., UFW) enabled on your server, make sure to allow incoming traffic on port 80 and 443 for Let’s Encrypt validation and HTTPS:
sudo ufw allow 80,443/tcp
Step 6: Set Up a Cron Job (Optional)
You can manually configure a cron job to renew certificates. Open the crontab configuration:
sudo crontab -e
Add the following line to check for renewals daily:
0 0 * * * /usr/bin/certbot renew --quiet
Save the file, and Certbot will attempt to renew certificates daily.
That’s it! You now have Let’s Encrypt SSL certificates set up on your Ubuntu server with automatic renewal. Your website should be secure, and you don’t have to worry about renewing the certificates manually.