How To Install and Use Let’s Encrypt SSL on Ubuntu 16.04 & 14.04

Written by
Rahul K.
Security 2 Comments

Let’s Encrypt is a certificate authority (CA) providing free SSL/TLS certificates for enhanced security freely. You can generate CA-singed SSL certificate for any domain, subdomain without any cost and use on your server. It also provides an option to auto renew SSL certificates for long time use.

1. Setup Let’s Encrypt Client

You can download the certbot-auto Let’s Encrypt client and save it in /usr/sbin directory. Use the following command to do it.

$ sudo wget https://dl.eff.org/certbot-auto -O /usr/sbin/certbot-auto
$ sudo chmod a+x /usr/sbin/certbot-auto

2. Create SSL Certificate for Domain

Let’s Encrypt performs Domain Validation (DV) automatically with multiple challenges. Once Certificate Authority (CA) verified the authenticity of your domain, SSL certificate will be issued. If you don’t have running any web server on your system, Use the following command, Else use other commands as per web server used on your system.

$ sudo certbot-auto  certonly --standalone -d example.com  -d www.example.com

Apache Users – If you are already running Apache server and configured the virtual host for the domain on port 443. Then Use the following command.

$ sudo certbot-auto  certonly --apache -d example.com  -d www.example.com

Nginx Users – If you are already running Nginx web server and configured the virtual host for the domain on port 443. Then Use the following command.

$ sudo certbot-auto  certonly --nginx -d example.com  -d www.example.com

3. Check SSL Certificate

After getting sucess of all validations, certificate files will be places under below path.

$ cd /etc/letsencrypt/live/example.com
$ ls

Files List:

  cert.pem
  chain.pem
  fullchain.pem
  privkey.pem

4. Configure SSL in VirtualHost

Please find below configurations for Apache and Nginx web server. Edit virtual host configuration file and add below entries for certificate.

Nginx: 

ssl on;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

Apache: 

SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem

5. Configure SSL Auto Renew

At the end, configure the following job in your server crontab to auto renew SSL certificate if required.

0 2 * * * sudo certbot-auto -q renew

Rahul K.
Rahul K.
Connect on Facebook Connect on Twitter Connect on Google+

I, Rahul Kumar is the founder and chief editor of TecAdmin.net. I am Red Hat Certified Engineer (RHCE) and working as IT professional since 2009.

Related Posts

2 Comments

  1. Rajesh Chauhan Reply to Rajesh
    March 31, 2017 at 2:04 pm

    We tried this method for one of our customer Ubuntu 16.4 but didn’t worked at all, there was error while assigning SSL certificate to the domain name.

Leave a Reply

All rights reserved. © 2017 TecAdmin.net. This site uses cookies. By using this website you agree our term and services
Hosted @DigitalOcean