Menu

How to Setup Let’s Encrypt SSL on Ubuntu 18.04 & 16.04 LTS

Written by , Updated on October 9, 2018

Let’s Encrypt is a certificate authority (CA) providing free SSL/TLS certificates. You can get a valid SSL certificate for your domain at no cost. These certificates can be used for production use as well. The certificates can only be requested from there server where the domain is pointed. Let’s Encrypt do a DNS check for the domain, that domain is pointed to the current server. After that it issue certificate for you. This tutorial will help you to install Let’s encrypt client on your Ubuntu system and issue SSL certificate for the domain.

Step 1 – Prerequisites

Before starting work on this task, I assume you already have:

  • Running Ubuntu system with sudo privileges shell access.
  • A domain name registered and pointed to your server’s public IP address. For this tutorial, we use example.com and www.example.com, which is pointed to our server.
  • Runningweb server with VirtualHost configured for example.com and www.example.com on Port 80.

Step 2 – Install Let’s Encrypt Client

Download the certbot-auto Let’s Encrypt client and save under /usr/sbin directory. Use the following command to do this.

sudo wget https://dl.eff.org/certbot-auto -O /usr/sbin/certbot-auto
sudo chmod a+x /usr/sbin/certbot-auto

Step 3 – Get a SSL Certificate

Let’s Encrypt do a strong Domain Validation automatically with multiple challenges to verify the ownership of the domain. Once the Certificate Authority (CA) verified the authenticity of your domain, SSL certificate will be issued.

sudo certbot-auto certonly --standalone -d example.com  -d www.example.com

Above command will prompt for an email address, which is used for sending email alerts related to SSL renewal and expiration. Also, asks a few more questions. After completion, it will issue an SSL certificate and will also create a new VirtualHost configuration file on your system.

Step 4 – Check SSL Certificate

If everything goes fine. A new ssl will be issued at below location. Navigate to below directory and view files.

cd /etc/letsencrypt/live/example.com
ls

Files List:

  cert.pem
  chain.pem
  fullchain.pem
  privkey.pem

Setp 5 – Configure SSL VirtualHost

Use the following configurations for Apache and Nginx web server. Edit virtual host configuration file and add below entries for the certificate.

Nginx:

ssl on;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

Apache:

SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem

Step 6 – Configure SSL Auto Renew

In the end, configure the following job on your server crontab to auto-renew SSL certificate if required.

0 2 * * * sudo /usr/sbin/certbot-auto -q renew

You may like:

Rahul
Rahul
Connect on Facebook Connect on Twitter

I, Rahul Kumar am the founder and chief editor of TecAdmin.net. I am a Red Hat Certified Engineer (RHCE) and working as an IT professional since 2009..

11 Comments

  1. Avatar Carlos Montiel Reply
    August 5, 2020 at 4:51 pm

    Wow I forgget to say THANK YOU!

    If you are having troubles, remember that SSL only listens in :443 !!!

  2. Avatar M Agung Sutrisno Reply
    October 20, 2019 at 5:57 am

    If you encounter an OSError error: Command /opt/eff.org/certbot/venv/bin/python2.7 – setuptools pkg_resources pip wheel failed with error code 1, you can solve this problem with this https://github.com/certbot/certbot/issues/2883#issuecomment-216427925

  3. Avatar william Reply
    September 7, 2019 at 4:16 pm

    Hi how to set on renewal on cronjob?

  4. Avatar Eldon Rosenberg Reply
    August 13, 2019 at 2:03 pm

    Thanks for the instructions, Rahul,
    However, when running a web server on port 80, which you assume we are, I believe the –standalone mode should not be used, as that assumes nothing is currently listening on port 80 and certbot tries to serve port 80 itself. You’d have to stop your web server first if you want to use that switch.
    Regards,
    Eldon

  5. Avatar mohit Reply
    January 15, 2019 at 10:26 am

    can i use same ssl for my sub domain

  6. Avatar saravanakumar Reply
    March 6, 2018 at 6:37 am

    There were too many requests of a given type :: Error creating new cert :: too many certificates already issued for exact set of domains:

  7. Avatar saravanakumar Reply
    March 6, 2018 at 6:37 am

    i got this error do you have any solution for this “There were too many requests of a given type :: Error creating new cert :: too many certificates already issued for exact set of domains:”

  8. Avatar Rajesh Chauhan Reply
    March 31, 2017 at 2:04 pm

    We tried this method for one of our customer Ubuntu 16.4 but didn’t worked at all, there was error while assigning SSL certificate to the domain name.

Leave a Reply

© 2013-2020 Tecadmin.net. All Rights Reserved | Terms  | Privacy Policy