How to Install Let’s Encrypt SSL on Ubuntu with Certbot

Let’s Encrypt provides free SSLs for your websites to use secure (SSL) connections. Certbot is free open source software that allows you to easily create Let’s Encrypt SSLs on your cloud server hosting.

Below we’ll cover how to install Certbot, create a Let’s Encrypt SSL certificate, and check maintenance settings.

You must have a fully qualified domain name (FQDN) configured before creating an SSL.

Install Certbot

We recommend you add Certbot developer’s official repository as it’s kept up to date better than what’s in Ubuntu’s default repo.

  1. Log into SSH as root
  2. Add Certbot’s repo:
    sudo add-apt-repository ppa:certbot/certbot
  3. Update your package lists:
    sudo apt-get update
  4. Install Certbot and additional required packages:
    sudo apt-get install python-certbot-apache

Create an SSL with Certbot

After you install Certbot, you’re ready to create SSL certificates for your domain(s).

  1. Create an SSL certificate for your domain(s):
    sudo certbot --apache -d domain.com
    Or if you wish to create an SSL that includes “www” queries:
    sudo certbot --apache -d domain.com -d www.domain.com
  2. Enter an email address for renewal and security notices
  3. Agree to the Terms of Service
  4. Specify whether to receive emails from EFF
  5. Choose whether to redirect HTTP traffic to HTTPS – 1 (no redirect, no further changes to the server) or 2 (redirect all requests to HTTPS)

SSL Maintenance

After you install a Let’s Encrypt certificate, you can test your website and SSL status at WhyNoPadlock.com to handle mixed content errors.

The certificate files for each domain will be added to a respective directory in:

cd /etc/letsencrypt/live

Let’s Encrypt certificates expire after 90 days.

To prevent SSLs from expiring, certbot renew checks your SSL status twice a day and renews certificates expiring within thirty days.

To view settings on systemd:

systemctl show certbot.timer

To view settings on non-systemd systems:

cat /etc/cron.d/certbot

To test the renewal process to ensure it works:

sudo certbot renew --dry-run

Develop web applications on Debian, Ubuntu, or CentOS anywhere with our scalable Cloud Server hosting.

Was this article helpful? Let us know!