Let’s Encrypt provides free SSLs for your websites to use secure (SSL) connections. Certbot is free open source software that allows you to easily create Let’s Encrypt SSLs on your cloud server hosting.
You must have a fully qualified domain name (FQDN) configured before creating an SSL.
We recommend you add Certbot developer’s official repository as it’s kept up to date better than what’s in Ubuntu’s default repo.
- Log into SSH as root
- Add Certbot’s repo:
sudo add-apt-repository ppa:certbot/certbot
- Update your package lists:
sudo apt-get update
- Install Certbot and additional required packages:
sudo apt-get install python-certbot-apache
Create an SSL with Certbot
After you install Certbot, you’re ready to create SSL certificates for your domain(s).
- Create an SSL certificate for your domain(s):
sudo certbot --apache -d domain.comOr if you wish to create an SSL that includes “www” queries:
sudo certbot --apache -d domain.com -d www.domain.com
- Enter an email address for renewal and security notices
- Agree to the Terms of Service
- Specify whether to receive emails from EFF
- Choose whether to redirect HTTP traffic to HTTPS – 1 (no redirect, no further changes to the server) or 2 (redirect all requests to HTTPS)
After you install a Let’s Encrypt certificate, you can test your website and SSL status at WhyNoPadlock.com to handle mixed content errors.
The certificate files for each domain will be added to a respective directory in:
Let’s Encrypt certificates expire after 90 days.
To prevent SSLs from expiring,
certbot renew checks your SSL status twice a day and renews certificates expiring within thirty days.
To view settings on systemd:
systemctl show certbot.timer
To view settings on non-systemd systems:
To test the renewal process to ensure it works:
sudo certbot renew --dry-run
Develop web applications on Debian, Ubuntu, or CentOS anywhere with our scalable Cloud Server hosting.