Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit.
This tutorial will show you how to set up a TLS/SSL certificate from Let’s Encrypt
on an Ubuntu 16.04 server running Apache as a web server.
First of all install Ubuntu 16.04 on client system:
1. Login to the Clients Portal;
- 2. Select at the top of the menu the "Services" > "VPS" tab;
- 3. Press the "Manage" button at the service table;
- 4. Press the "Install OS" button;
- 5. Choose an Ubuntu 16.04, agree with warning and press "Continue";
- Wait for 5-10 minutes and refresh VPS management page.
We need to add a repository, for this first of all install the software-properties-common package. For our Ubuntu version, I also had to install the python-software-properties package:
apt-get install software-properties-common python-software-properties
Then then add the PPA, update your sources, and upgrade your the package:
And finally, install Certbot from the new repository with apt-get:
apt-get install python-certbot-apache
The certbot Let's Encrypt client is now ready to use.Set Up the SSL Certificate
Generating the SSL certificate for Apache using Certbot is quite straightforward. The client will automatically obtain and install a new SSL certificate that is valid for the domains provided as parameters.
To execute the interactive installation and obtain a certificate that covers only a single domain, run the command:
certbot --apache -d yourdomain.ltd
If you have multiple virtual hosts, you should run this command once for each to generate a new certificate for each.Verifying Certbot Auto-Renewal
By default, SSL certificates issued by Let’s Encrypt are valid for 90 days. So it is recommended to renew the certificate before the expiration date. However, the certbot
package we installed takes care of this for us by running certbot
renew twice a day via a systemd
To test the renewal process, you can do a dry run with certbot
certbot renew --dry-run
If you see no errors, you're all set. When necessary, certbot
will renew your certificates and reload Apache to pick up the changes.