Let’s Encrypt provides a free Valid SSL Certificate to enable encrypted HTTPS on our web servers.
In this tutorial, we use Certbot to install a free SSL certificate for Apache on Ubuntu and will set up this certificate to renew automatically.
Before we start to install Let’s encrypt we first need to install Certbot.
sudo apt install certbot python3-certbot-apache
Press Y, when prompted to confirm.
Certbot is now installed on your server, and we will verify Apache Configuration to ensure your virtual host is set up appropriately.
Now put this command to automatically obtain and configure SSL for your server.
sudo nano /etc/apache2/sites-available/your_domain.conf
Now reload the apache server.
sudo systemctl reload apache2
Now update the firewall to allow HTTPS traffic, If you have enabled HTTPS check now using this command:
sudo ufw status
You can allow using HTTPS using the below code.
sudo ufw allow 'Apache Full'
You can disallow HTTPS using the below code.
sudo ufw delete allow 'Apache'
Now we are ready to run Certbot and obtain your certificates
sudo certbot –apache
Now it will prompt you to answer some questions to configure SSL Certificates
First, provide an email address for notifications, after entering email address press Enter and now it ask to confirm by pressing (A) to Agree.
Now press (N) it will ask to confirm you receive notifications or not, Its your choice, but I prefer to enter N.
Now please select domain sequence no. you want to activate SSL and then, Enter the number and press Enter.
Now your SSL Certificate is installed and activated, replace all your http:// URL to https://
Now verify whether your auto-renewal is activated or not, using this command.
sudo systemctl status certbot.timer
To test the renewal process, you can do a dry run with certbot by using below command:-
sudo certbot renew --dry-run