How to Install Let’s Encrypt and Create SSL on Ubuntu 16.04 & 14.04

Let’s Encrypt is a certificate authority (CA) providing free SSL/TLS certificates for enhanced security freely. You can generate CA-singed SSL certificate for any domain, subdomain without any cost and use on your server. It also provides an option to auto renew SSL certificates for long time use.

Setup Let’s Encrypt Client

You can download the certbot-auto Let’s Encrypt client and save it in /usr/sbindirectory. Use the following command to do it.

$ sudo wget https://dl.eff.org/certbot-auto -O /usr/sbin/certbot-auto
$ sudo chmod a+x /usr/sbin/certbot-auto

Create SSL Certificate

Let’s Encrypt performs Domain Validation (DV) automatically with multiple challenges. Once Certificate Authority (CA) verified the authenticity of your domain, SSL certificate will be issued. If you don’t have running any web server on your system, Use the following command, Else use other commands as per web server used on your system.

$ sudo certbot-auto  certonly --standalone -d example.com  -d www.example.com

Apache Users – If you are already running Apache server and configured the virtual host for the domain on port 443. Then Use the following command.

$ sudo certbot-auto  certonly --apache -d example.com  -d www.example.com

Nginx Users – If you are already running Nginx web server and configured the virtual host for the domain on port 443. Then Use the following command.

$ sudo certbot-auto  certonly --nginx -d example.com  -d www.example.com

Check SSL Certificate

After getting sucess of all validations, certificate files will be places under below path.

$ cd /etc/letsencrypt/live/example.com
$ ls 

Files List:

  cert.pem
  chain.pem
  fullchain.pem
  privkey.pem

Configure SSL in VirtualHost

Please find below configurations for Apache and Nginx web server. Edit virtual host configuration file and add below entries for certificate.

Nginx:

ssl on;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

Apache:

SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem

Leave a Reply

Your email address will not be published. Required fields are marked *

one + 19 =