RSS Feed
Download our iPhone app
Browse DevX
Sign up for e-mail newsletters from DevX


Set up SSL Certificates in 5 Minutes Using Let's Encrypt

Let's Encrypt simplifies the process of installing SSL certificates and allows you to set up a free SSL certificate on your Web site in just a few minutes.


Installing SSL certificates on your server can be a complex and time-consuming task. Let's Encrypt simplifies this process and allows you to set up a free SSL certificate on your Web site in just a few minutes.

Install Let's Encrypt

The Let's Encrypt library is installed through git, which means that you will need to install git on your server first. If you don't have it already, run the following command:

sudo apt-get update
sudo apt-get install git

After that, install Let's Encrypt by cloning its repository:

sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt

This will copy the repository in /opt/letsencrypt/ directory. Although it can be copied to any place in the filesystem, it is a good practice to store it in /opt folder, because that folder is usually used for third-party software in Ubuntu.

Install the SSL Certificate

To set up an SSL certificate, navigate to the directory where Let's Encrypt is located and run the installer:

./letsencrypt-auto --apache -d mydomain.com

For multiple domains or subdomains, do the following:

./letsencrypt-auto --apache -d mydomain.com -d www.mydomain.com

And that's it. Let's Encrypt will guide you through the installation process, generate the SSL files and configure the Apache Web server.

Auto-renew the Certificates

Letsencrypt SSL certificates are valid for 3 months only (90 days). After that time, they will expire and will have to be renewed. Fortunately, there is also a command that solves that problem -- it will check all certificates that are installed on the system and renew the ones that will expire in less than 30 days. The renew command is the following:

 /letsencrypt-auto renew

It is a good practice to configure a cron job and run the renewal command in specific time intervals. For example, to run the renewal command every Monday at 2 a.m., edit the cron tab:

sudo crontab -e

And add the following line:

0 2 * * 1 /opt/letsencrypt/letsencrypt-auto renew >> /var/log/le-renew.log

What's Happening Under the Hood

Let's Encrypt executes a number of commands without you even noticing. If you would be doing the entire process manually, here is how. First, activate the Apache SSL module and restart the server:

sudo a2enmod ssl
sudo service apache2 restart

Create a directory where you would store the SSL certificate files:

sudo mkdir /etc/apache2/ssl

Then, generate the key and the certificate with OpenSSL:

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/mydomain.key -out /etc/apache2/ssl/mydomain.crt

After running this command, it will ask you a number of questions. Although most of them are self-explanatory, pay attention to the Common Name (e.g. server FQDN or YOUR name), where you would enter your domain name (e.g. mydomain.com) or the server's IP address (if you don't have a domain name).

After generating the files, you need to configure the Apache to use the SSL certificates. Create a new configuration file:

sudo nano /etc/apache2/sites-available/mydomain-ssl.conf

And paste this code:

<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        ServerAdmin admin@mydomain.com
        ServerName mydomain.com
        ServerAlias www.mydomain.com

        # Path in the filesystem where the website is located
        DocumentRoot /var/www/html

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        SSLEngine on

        # Location where certificate .key and .crt files are stored
        SSLCertificateFile /etc/apache2/ssl/apache.crt
        SSLCertificateKeyFile /etc/apache2/ssl/apache.key

        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                        SSLOptions +StdEnvVars
        <Directory /usr/lib/cgi-bin>
                        SSLOptions +StdEnvVars
        BrowserMatch "MSIE [2-6]" \
                        nokeepalive ssl-unclean-shutdown \
                        downgrade-1.0 force-response-1.0
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

Activate the configuration and restart Apache:

sudo a2ensite mydomain-ssl.conf
sudo service apache2 restart

That's it, you are ready to go.

Vojislav is a web developer, designer and entrepreneur, based in Belgrade, Serbia. He has been working as a freelancer for more than 6 years, having completed more than 50 projects for clients from all over the worlds, specializing in designing and developing personal portfolios and e-commerce websites using Laravel PHP framework and WordPress content management system. Right now, he works as a full-time senior web developer in a company from Copenhagen.
Email AuthorEmail Author
Close Icon
Thanks for your registration, follow us on our social networks to keep up-to-date