Facebook Twitter Instagram
    TecAdmin
    • Home
    • Ubuntu 20.04
      • Upgrade Ubuntu
      • Install Java
      • Install Node.js
      • Install Docker
      • Install LAMP Stack
    • Tutorials
      • AWS
      • Shell Scripting
      • Docker
      • Git
      • MongoDB
    • FeedBack
    • Submit Article
    • About Us
    Facebook Twitter Instagram
    TecAdmin
    Home»Security»How to Setup Let’s Encrypt SSL on Ubuntu 18.04 & 16.04 LTS

    How to Setup Let’s Encrypt SSL on Ubuntu 18.04 & 16.04 LTS

    RahulBy RahulAugust 24, 20163 Mins ReadUpdated:October 9, 2018

    Let’s Encrypt is a certificate authority (CA) providing free SSL/TLS certificates. You can get a valid SSL certificate for your domain at no cost. These certificates can be used for production use as well. The certificates can only be requested from there server where the domain is pointed. Let’s Encrypt do a DNS check for the domain, that domain is pointed to the current server. After that it issue certificate for you. This tutorial will help you to install Let’s encrypt client on your Ubuntu system and issue SSL certificate for the domain.

    • Secure Apache with Let’s Encrypt SSL
    • Secure Nginx with Let’s Encrypt SSL

    Step 1 – Prerequisites

    Before starting work on this task, I assume you already have:

    • Running Ubuntu system with sudo privileges shell access.
    • A domain name registered and pointed to your server’s public IP address. For this tutorial, we use example.com and www.example.com, which is pointed to our server.
    • Runningweb server with VirtualHost configured for example.com and www.example.com on Port 80.

    Step 2 – Install Let’s Encrypt Client

    Download the certbot-auto Let’s Encrypt client and save under /usr/sbin directory. Use the following command to do this.

    sudo wget https://dl.eff.org/certbot-auto -O /usr/sbin/certbot-auto
    sudo chmod a+x /usr/sbin/certbot-auto
    

    Step 3 – Get a SSL Certificate

    Let’s Encrypt do a strong Domain Validation automatically with multiple challenges to verify the ownership of the domain. Once the Certificate Authority (CA) verified the authenticity of your domain, SSL certificate will be issued.

    sudo certbot-auto certonly --standalone -d example.com  -d www.example.com
    

    Above command will prompt for an email address, which is used for sending email alerts related to SSL renewal and expiration. Also, asks a few more questions. After completion, it will issue an SSL certificate and will also create a new VirtualHost configuration file on your system.

    Step 4 – Check SSL Certificate

    If everything goes fine. A new ssl will be issued at below location. Navigate to below directory and view files.

    cd /etc/letsencrypt/live/example.com
    ls 
    

    Files List:

      cert.pem
      chain.pem
      fullchain.pem
      privkey.pem
    

    Setp 5 – Configure SSL VirtualHost

    Use the following configurations for Apache and Nginx web server. Edit virtual host configuration file and add below entries for the certificate.

    Nginx:

    ssl on;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    

    Apache:

    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
    

    Step 6 – Configure SSL Auto Renew

    In the end, configure the following job on your server crontab to auto-renew SSL certificate if required.

    0 2 * * * sudo /usr/sbin/certbot-auto -q renew
    

    You may like:

      Apache – Redirect to HTTPS
      Nginx – Redirect to HTTPS
    Apache2 Let's Encrypt SSL TLS Ubuntu
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email WhatsApp
    Previous ArticleBest VPN For Linux (Ubuntu & Fedora)
    Next Article HADOOP/HDFS ls: ‘.’: No such file or directory

    Related Posts

    Change Screen Resolution of An Ubuntu VM in Hyper-V

    Updated:May 2, 20222 Mins Read

    Download Ubuntu 22.04 – DVD ISO Images

    Updated:May 7, 20222 Mins Read

    Ubuntu 22.04 – Release Schedule & Features

    Updated:February 25, 20222 Mins Read

    How to Install and Configure Fail2ban on Debian 11

    3 Mins Read

    Top 5 Most Stable Linux Distributions in 2022

    Updated:January 11, 20226 Mins Read

    How To Install and Secure MongoDB on Ubuntu 20.04

    Updated:September 7, 20214 Mins Read

    12 Comments

    1. Rajesh on June 20, 2021 7:57 pm

      Thanks it works.

      Reply
    2. Carlos Montiel on August 5, 2020 4:51 pm

      Wow I forgget to say THANK YOU!

      If you are having troubles, remember that SSL only listens in :443 !!!

      Reply
    3. M Agung Sutrisno on October 20, 2019 5:57 am

      If you encounter an OSError error: Command /opt/eff.org/certbot/venv/bin/python2.7 – setuptools pkg_resources pip wheel failed with error code 1, you can solve this problem with this https://github.com/certbot/certbot/issues/2883#issuecomment-216427925

      Reply
    4. william on September 7, 2019 4:16 pm

      Hi how to set on renewal on cronjob?

      Reply
    5. Eldon Rosenberg on August 13, 2019 2:03 pm

      Thanks for the instructions, Rahul,
      However, when running a web server on port 80, which you assume we are, I believe the –standalone mode should not be used, as that assumes nothing is currently listening on port 80 and certbot tries to serve port 80 itself. You’d have to stop your web server first if you want to use that switch.
      Regards,
      Eldon

      Reply
    6. mohit on January 15, 2019 10:26 am

      can i use same ssl for my sub domain

      Reply
      • Rahul on January 16, 2019 4:46 am

        Yes, you need to specify sub domain during certbot command like “-d sudomain.example.com”

        Reply
    7. saravanakumar on March 6, 2018 6:37 am

      There were too many requests of a given type :: Error creating new cert :: too many certificates already issued for exact set of domains:

      Reply
      • Rahul K. on March 6, 2018 10:35 am

        Hi Saravana, There are some limits enforces by the Let’s encrypt for issuing certificates. Please check below link:

        https://letsencrypt.org/docs/rate-limits/

        Reply
    8. saravanakumar on March 6, 2018 6:37 am

      i got this error do you have any solution for this “There were too many requests of a given type :: Error creating new cert :: too many certificates already issued for exact set of domains:”

      Reply
    9. Rajesh Chauhan on March 31, 2017 2:04 pm

      We tried this method for one of our customer Ubuntu 16.4 but didn’t worked at all, there was error while assigning SSL certificate to the domain name.

      Reply
      • Rahul K. on April 1, 2017 4:27 am

        Hi Rajesh,

        What error are you facing? It may your existing web server causing issue.

        Reply

    Leave A Reply Cancel Reply

    Recent Posts
    • How to Install Sublime Text 4 on Ubuntu 22.04
    • How to Enable / disable Firewall in Windows
    • How to Install JAVA on Ubuntu 22.04
    • Switching Display Manager in Ubuntu – GDM, LightDM & SDDM
    • Changing the Login Screen Background in Ubuntu 22.04 & 20.04
    Facebook Twitter Instagram Pinterest
    © 2022 Tecadmin.net. All Rights Reserved | Terms  | Privacy Policy

    Type above and press Enter to search. Press Esc to cancel.