How to generate free LetsEncrypt SSL certificate


I have installed a free SSL certificate on my blog successfuler.com. I am writing down the step-by-step guide here so you all know how to generate a free LetsEncrypt SSL certificate.

Many thanks to letsencrypt (a free SSL certificate authority), who gave us the free SSL certificate.

You can read the basics about SSL in What is SSL – a complete SSL wiki

Here is my server configuration:
1. I am using Ubuntu 16.04 on Amazon AWS EC2 free hosting plan – t2.micro
2. I am using the Apache webserver, so I will first describe how I did it with Apache
3. You must have your domain ready and configured on the server, and it must be working well with the non-https URL. For this tutorial, we assume that the domain name is yourdomain.com and the subdomain is www.yourdomain.com

Step 1- Download the letsencrypt client Certbot

Certbot is an easy-to-use automatic client that fetches and deploys SSL/TLS certificates for your webserver.

Certbot is in active development, so we will use the certbot PPA repository instead of installing directly from the Ubuntu repository.


sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository ppa:certbot/certbot

You will be asked a few questions; press ENTER to accept them and continue.


sudo apt-get update

This refreshes the package list so that it includes the packages from the newly added repository.

Step 2 – Install certbot plugin for Apache web server


sudo apt-get install python-certbot-apache

That’s it for installation of certbot client for apache.

Step 3 – Generate free LetsEncrypt SSL certificate

Usually, if you use a paid SSL certificate you get the CSR and key file from the SSL certificate authority, but that is not required for a LetsEncrypt SSL certificate.

It's simple and straightforward: run a certbot command, and it will create the SSL certificate itself and configure it in the virtual host of your Apache webserver.

You can either create a certificate for a single domain like example.com or use a single certificate for multiple domains. See the commands for both below:

For single domain

sudo certbot --apache -d mydomain.com

For multiple domains

sudo certbot --apache -d yourdomain.com -d www.yourdomain.com

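For wildcard certificate (LetsEncrypt validates wildcard names only through a DNS challenge, which the Apache plugin cannot answer, so certbot's manual authenticator handles validation and the Apache plugin only installs the certificate; certbot will ask you to create a DNS TXT record. The name is quoted so that the shell does not expand the *. A certificate obtained this way is not renewed by the automatic renewal in Step 4 unless an authentication hook or a DNS plugin is configured.):

sudo certbot --authenticator manual --installer apache --preferred-challenges dns -d '*.yourdomain.com'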

You will be asked for an email address for further communication and will need to accept some terms. You will also be asked whether you want to force all users onto https or keep both the http and https URLs enabled. I chose to force the redirect to https.

Once this setup is done you can find the certificate files and keys at /etc/letsencrypt/live/yourdomain.com. It's recommended to copy the keys somewhere else as a backup; the private key is among them, so keep the copy where only the administrator can read it.
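
One way to take that backup, added here as an example and not part of the original post. It assumes certbot's default /etc/letsencrypt directory; the function names and the backup destination are hypothetical.

```sh
#!/bin/sh
# Added example (not from the original post): back up certbot's directory so the
# copy is restorable and the private keys stay owner-only.
# Assumption: certbot's default config directory /etc/letsencrypt; the backup
# destination is whatever directory you pass in.

# backup_letsencrypt SRC DEST_DIR: prints the path of the archive it created.
backup_letsencrypt() {
    src=$1; dest=$2
    if [ ! -d "$src/live" ] || [ ! -d "$src/archive" ]; then
        echo "not a certbot directory: $src" >&2; return 1
    fi
    (
        umask 077                                   # archive is created mode 600
        mkdir -p "$dest" && chmod 700 "$dest" || exit 1
        out="$dest/letsencrypt-$(date +%Y%m%d%H%M%S).tar.gz"
        # live/<domain>/*.pem are symlinks into archive/, so copying live/ alone
        # saves no key material; archive the whole tree (renewal/ config too).
        tar -C "$(dirname "$src")" -czf "$out" "$(basename "$src")" || exit 1
        echo "$out"
    )
}

# verify_backup ARCHIVE: succeeds only if the archive is unreadable by group and
# other, and every live/ symlink resolves to a file inside the archive.
verify_backup() {
    arc=$1
    if [ "$(ls -ld "$arc" | cut -c5-10)" != "------" ]; then
        echo "archive is accessible to group/other: $arc" >&2; return 1
    fi
    tmp=$(mktemp -d) || return 1
    tar -C "$tmp" -xzf "$arc" || { rm -rf "$tmp"; return 1; }
    rc=0
    for link in "$tmp"/*/live/*/*.pem; do
        [ -e "$link" ] || { echo "unresolved: ${link#"$tmp"/}" >&2; rc=1; }
    done
    rm -rf "$tmp"
    return "$rc"
}
```

Run as root, for example: verify_backup "$(backup_letsencrypt /etc/letsencrypt /root/le-backup)"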

Step 4 – Auto renewal of letsencrypt ssl certificate

Commercial certificate authorities can provide certificates valid for 36 months, but letsencrypt certificates are valid for only 90 days.

So after 90 days, we have to renew the certificate.

The website can go down if you forget the renewal; would it not be good to have a system that auto-renews the certificate?

Don’t worry, the certbot package comes with a cron job that runs daily, checks the status of the certificate and renews it automatically.

You can test renewal of certificate by running this command.


sudo certbot renew --dry-run

If there is no error returned then all is well.

Step 5 – Test ssl certificate

Open the URL below to test the SSL status; make sure you change the domain name.

https://www.ssllabs.com/ssltest/analyze.html?d=yourdomain.com&latest

Or open your website with the https protocol, e.g. https://www.yourdomain.com, and see whether you get any errors.

Install LetsEncrypt SSL certificate on Nginx

It’s almost the same as what we did for Apache. Certbot makes life easy for us: it automatically does all the configuration the web server requires, whether it is Apache or Nginx.

Step 1 – Install certbot

It is the same as described in Step 1- Download the letsencrypt client Certbot.

Step 2 – Install certbot plugin for Nginx web server


sudo apt-get install python-certbot-nginx

That’s it for installation of the certbot client for Nginx.

Step 3 – Configure the LetsEncrypt SSL certificate for Nginx

For single domain

sudo certbot --nginx -d mydomain.com

For multiple domains

sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com

Step 4 – Auto renewal of SSL certificate

It is the same as for Apache – Step 4 – Auto renewal of letsencrypt ssl certificate

Conclusion:

So you learned that you do not need to buy an SSL certificate: you learned how to install the free letsencrypt SSL certificate, how to use the certbot client to generate a free letsencrypt SSL certificate, and how to auto-renew the certificate.

You can read more about letsencrypt on letsencrypt official website

You can read more about certbot on certbot official website