Set up SSL Certificates in 5 Minutes Using Let’s Encrypt

Installing SSL certificates on your server can be a complex and time-consuming task. Let’s Encrypt simplifies this process and allows you to set up a free SSL certificate on your Web site in just a few minutes.

Install Let’s Encrypt

The Let’s Encrypt library is installed through git, which means that you will need to install git on your server first. If you don’t have it already, run the following command:

sudo apt-get updatesudo apt-get install git

After that, install Let’s Encrypt by cloning its repository:

sudo git clone /opt/letsencrypt

This will copy the repository in /opt/letsencrypt/ directory. Although it can be copied to any place in the filesystem, it is a good practice to store it in /opt folder, because that folder is usually used for third-party software in Ubuntu.

Install the SSL Certificate

To set up an SSL certificate, navigate to the directory where Let’s Encrypt is located and run the installer:

./letsencrypt-auto --apache -d

For multiple domains or subdomains, do the following:

./letsencrypt-auto --apache -d -d

And that’s it. Let’s Encrypt will guide you through the installation process, generate the SSL files and configure the Apache Web server.

Auto-renew the Certificates

Letsencrypt SSL certificates are valid for 3 months only (90 days). After that time, they will expire and will have to be renewed. Fortunately, there is also a command that solves that problem — it will check all certificates that are installed on the system and renew the ones that will expire in less than 30 days. The renew command is the following:

 /letsencrypt-auto renew

It is a good practice to configure a cron job and run the renewal command in specific time intervals. For example, to run the renewal command every Monday at 2 a.m., edit the cron tab:

sudo crontab -e

And add the following line:

0 2 * * 1 /opt/letsencrypt/letsencrypt-auto renew >> /var/log/le-renew.log

What’s Happening Under the Hood

Let’s Encrypt executes a number of commands without you even noticing. If you would be doing the entire process manually, here is how. First, activate the Apache SSL module and restart the server:

sudo a2enmod sslsudo service apache2 restart

Create a directory where you would store the SSL certificate files:

sudo mkdir /etc/apache2/ssl

Then, generate the key and the certificate with OpenSSL:

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/mydomain.key -out /etc/apache2/ssl/mydomain.crt

After running this command, it will ask you a number of questions. Although most of them are self-explanatory, pay attention to the Common Name (e.g. server FQDN or YOUR name), where you would enter your domain name (e.g. or the server’s IP address (if you don’t have a domain name).

After generating the files, you need to configure the Apache to use the SSL certificates. Create a new configuration file:

sudo nano /etc/apache2/sites-available/mydomain-ssl.conf

And paste this code:

            ServerAdmin [email protected]        ServerName        ServerAlias        # Path in the filesystem where the website is located        DocumentRoot /var/www/html        ErrorLog ${APACHE_LOG_DIR}/error.log        CustomLog ${APACHE_LOG_DIR}/access.log combined        SSLEngine on        # Location where certificate .key and .crt files are stored        SSLCertificateFile /etc/apache2/ssl/apache.crt        SSLCertificateKeyFile /etc/apache2/ssl/apache.key                                SSLOptions +StdEnvVars                                        SSLOptions +StdEnvVars                BrowserMatch "MSIE [2-6]"                         nokeepalive ssl-unclean-shutdown                         downgrade-1.0 force-response-1.0        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown    

Activate the configuration and restart Apache:

sudo a2ensite mydomain-ssl.confsudo service apache2 restart

That’s it, you are ready to go.

Share the Post:
Share on facebook
Share on twitter
Share on linkedin


The Latest

microsoft careers

Top Careers at Microsoft

Microsoft has gained its position as one of the top companies in the world, and Microsoft careers are flourishing. This multinational company is efficiently developing popular software and computers with other consumer electronics. It is a dream come true for so many people to acquire a high paid, high-prestige job

your company's audio

4 Areas of Your Company Where Your Audio Really Matters

Your company probably relies on audio more than you realize. Whether you’re creating a spoken text message to a colleague or giving a speech, you want your audio to shine. Otherwise, you could cause avoidable friction points and potentially hurt your brand reputation. For example, let’s say you create a

chrome os developer mode

How to Turn on Chrome OS Developer Mode

Google’s Chrome OS is a popular operating system that is widely used on Chromebooks and other devices. While it is designed to be simple and user-friendly, there are times when users may want to access additional features and functionality. One way to do this is by turning on Chrome OS