23 Jun2016

Install a free Let's Encrypt SSL certificate on Ubuntu 16.04 running Apache

Posted in Linux Software Tutorials

Let's Encrypt is gaining huge momentum with the SSL certificate authority last week announcing their 5 millionth SSL certificate. Let's Encrypt allows you to generate a free SSL certificate for your website. Last month they introduced Certbot which makes it much easier to generate and install an SSL certificate on your website.

In this tutorial, I will show you how easy it is to install a Let's Encrypt SSL certificate on an Ubuntu 16.04 server running Apache.

We are going to apply the SSL certificate to our server hostname. In this example I will use ubuntu.techbylooney.com.

Step 1

Assuming you have a fresh installation of Ubuntu 16.04, we first need to update Ubuntu.

sudo apt-get update

Step 2

Once the server is updated, set the server hostname.

sudo vi /etc/hostname

Edit the first line in the file to your server hostname then save the file. It is important to create an A record with your domain registrar for the new server hostname, for example:

ubuntu.techbylooney.com in A 192.168.100.1 (your server IP)

Now reboot your server.

Step 3

Once your server is rebooted, install Apache.

sudo apt-get install apache2

Once installed, you can confirm that Apache is installed by opening your web browser and browsing the the server IP or hostname, in my case http://ubuntu.techbylooney.com. You should see the default Apache page. If you see this page, you can proceed to step 4.

Step 4

We can now download Let's Encrypt to install our free Let's Encrypt SSL certificate.

sudo apt-get install python-letsencrypt-apache

Step 5

We are done with the pre-requisites so let's start the installation.

letsencrypt --apache

You will see the installation screen with the following message.

le1

Click Yes

Next you need to enter your hostname (use your own server hostname) then click OK.

ubuntu.techbylooney.com

Enter your email address on the next prompt and click OK.

This email address is being protected from spambots. You need JavaScript enabled to view it.

Finally, agree to the terms & conditions after which you will be asked if you would prefer easy or strict access. For this tutorial, you can just select easy which means that you can access the server hostname with both HTTP and HTTPS. Now click OK.

Your free Let's Encrypt certificate will now be installed and you will be presented with a congratulations screen. Click OK then test your new certificate by opening your browser and navigating to https://ubuntu.techbylooney.com (use your own server hostname). If you followed all the steps above, you will now see that your connection is secure with a valid SSL certificate.

le4

Step 6

Since a Let's Encrypt certificate is only valid for 90 days, we need to add a new cron job so that the certificate can auto renew before expiry. Once the cron is set, you can be rest assured that your SSL certificate will remain active (did I mention it's free?).

Open crontab

crontab -e

Add the following line to the file. The cron will run twice per day. If the certificate is not up for renewal, it won't do anything.

0 0,12 * * * letsencrypt renew

There you have it, it's never been easier to get a SSL certificate! Please let me know if you have any questions in the comments section.