
Set up SSL Certificates in 5 Minutes Using Let's Encrypt

Let's Encrypt simplifies the process of installing SSL certificates and allows you to set up a free SSL certificate on your Web site in just a few minutes.





Installing SSL certificates on your server can be a complex and time-consuming task. Let's Encrypt simplifies this process and allows you to set up a free SSL certificate on your Web site in just a few minutes.

Install Let's Encrypt

The Let's Encrypt client is installed through git, which means that you will need to install git on your server first. If you don't have it already, run the following commands:

sudo apt-get update
sudo apt-get install git

After that, install Let's Encrypt by cloning its repository:

sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt

This will copy the repository into the /opt/letsencrypt/ directory. Although it can be copied to any place in the filesystem, it is good practice to store it in the /opt folder, because that folder is usually used for third-party software in Ubuntu.

Install the SSL Certificate

To set up an SSL certificate, navigate to the directory where Let's Encrypt is located (/opt/letsencrypt in this setup) and run the installer:

./letsencrypt-auto --apache -d mydomain.com

For multiple domains or subdomains, do the following:

./letsencrypt-auto --apache -d mydomain.com -d www.mydomain.com

And that's it. Let's Encrypt will guide you through the installation process, generate the SSL files and configure the Apache Web server.

Auto-renew the Certificates

Let's Encrypt SSL certificates are valid for 3 months only (90 days). After that time, they will expire and will have to be renewed. Fortunately, there is also a command that solves that problem -- it will check all certificates that are installed on the system and renew the ones that will expire in less than 30 days. The renew command is the following:

./letsencrypt-auto renew

It is good practice to configure a cron job that runs the renewal command at regular intervals. For example, to run the renewal command every Monday at 2 a.m., edit the crontab:

sudo crontab -e

And add the following line:

0 2 * * 1 /opt/letsencrypt/letsencrypt-auto renew >> /var/log/le-renew.log

What's Happening Under the Hood

Let's Encrypt executes a number of commands without you even noticing. If you were to do the entire process manually, here is how. First, activate the Apache SSL module and restart the server:

sudo a2enmod ssl
sudo service apache2 restart

Create a directory to store the SSL certificate files:

sudo mkdir /etc/apache2/ssl

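Then, generate the key and the certificate with OpenSSL. Because of the -x509 option, the certificate is self-signed (valid for 365 days), so browsers will show a warning for it, unlike a certificate issued by Let's Encrypt: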

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/mydomain.key -out /etc/apache2/ssl/mydomain.crt

The command will ask you a number of questions. Although most of them are self-explanatory, pay attention to the Common Name (e.g. server FQDN or YOUR name), where you would enter your domain name (e.g. mydomain.com) or the server's IP address (if you don't have a domain name).

After generating the files, you need to configure Apache to use the SSL certificates. Create a new configuration file:

sudo nano /etc/apache2/sites-available/mydomain-ssl.conf

And paste this code:

<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        ServerAdmin admin@mydomain.com
        ServerName mydomain.com
        ServerAlias www.mydomain.com

        # Path in the filesystem where the website is located
        DocumentRoot /var/www/html

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        SSLEngine on

        # Location where certificate .key and .crt files are stored
        # (the files generated by the openssl command above)
        SSLCertificateFile /etc/apache2/ssl/mydomain.crt
        SSLCertificateKeyFile /etc/apache2/ssl/mydomain.key

        <FilesMatch "\.(cgi|shtml|phtml|php)$">
            SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
            SSLOptions +StdEnvVars
        </Directory>
        BrowserMatch "MSIE [2-6]" \
            nokeepalive ssl-unclean-shutdown \
            downgrade-1.0 force-response-1.0
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
    </VirtualHost>
</IfModule>

Activate the configuration and restart Apache:

sudo a2ensite mydomain-ssl.conf
sudo service apache2 restart

That's it, you are ready to go.
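
A check to run before restarting Apache and again after each renewal, as an added example that is not part of the original article: it reads SSLCertificateFile and SSLCertificateKeyFile from a vhost file and reports missing files, a key that does not belong to the certificate, a certificate inside the 30-day renewal window, and whether the certificate is self-signed. The function names and finding labels are made up for this example, and the sample files it falls back to are constructed in a temporary directory.

```shell
#!/usr/bin/env bash
# Added example (not the article's code): audit the certificate a vhost uses.
RENEW_WINDOW_DAYS=30   # renewal threshold quoted in the article

# directive_value CONF NAME -> value of the first "NAME value" line in CONF
directive_value() {
    awk -v d="$2" '$1 == d { print $2; exit }' "$1"
}

# check_vhost CONF -> prints one finding; returns 0 only for the OK_* findings
check_vhost() {
    local crt key cert_pub key_pub subject issuer kind
    crt=$(directive_value "$1" SSLCertificateFile)
    key=$(directive_value "$1" SSLCertificateKeyFile)
    [ -r "$crt" ] || { echo "MISSING_CERT $crt"; return 1; }
    [ -r "$key" ] || { echo "MISSING_KEY $key"; return 1; }
    # A certificate and its private key carry the same public key.
    cert_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || true
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || true
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "KEY_MISMATCH $crt $key"; return 1
    fi
    # -checkend N fails when the certificate is no longer valid N seconds from now.
    if ! openssl x509 -in "$crt" -noout -checkend $((RENEW_WINDOW_DAYS * 86400)) >/dev/null; then
        echo "RENEW_DUE $crt"; return 1
    fi
    # Subject equal to issuer: self-signed, so browsers will not trust it.
    subject=$(openssl x509 -in "$crt" -noout -subject | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$crt" -noout -issuer | sed 's/^issuer= *//')
    [ "$subject" = "$issuer" ] && kind=SELF_SIGNED || kind=CA_ISSUED
    echo "OK_$kind $crt"
}

# make_sample DIR NAME DAYS -> constructed key, self-signed cert, vhost fragment
make_sample() {
    openssl req -x509 -nodes -days "$3" -newkey rsa:2048 -subj "/CN=mydomain.com" \
        -keyout "$1/$2.key" -out "$1/$2.crt" >/dev/null 2>&1
    printf '    SSLCertificateFile %s\n    SSLCertificateKeyFile %s\n' \
        "$1/$2.crt" "$1/$2.key" > "$1/$2.conf"
}

if [ "$#" -gt 0 ]; then
    check_vhost "$1"
else   # no argument: run on constructed sample files
    tmp=$(mktemp -d) && make_sample "$tmp" mydomain 365
    check_vhost "$tmp/mydomain.conf"
    rm -rf "$tmp"
fi
```

Pass the vhost file as the only argument and run it as a user that can read the private key; a non-zero exit status means the finding needs attention.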

Vojislav is a web developer, designer and entrepreneur, based in Belgrade, Serbia. He has been working as a freelancer for more than 6 years, having completed more than 50 projects for clients from all over the world, specializing in designing and developing personal portfolios and e-commerce websites using the Laravel PHP framework and the WordPress content management system. Right now, he works as a full-time senior web developer in a company from Copenhagen.