Certbot is a tool that helps you obtain and renew SSL certificates from Let's Encrypt, a free and open certificate authority. SSL certificates are used to enable HTTPS on your website, which encrypts the communication between your server and your visitors. This improves the security and privacy of your website, as well as the trust and confidence of your visitors.
To use Certbot, you need access to your server's command line and permission to install software on it. You also need a domain name that you control, pointed at your server's IP address. Certbot will guide you through the process of verifying your domain ownership and installing the certificate on your server. You can also configure Certbot to automatically renew your certificate before it expires.
Prerequisites:
- One Ubuntu 20.04 server.
- A valid domain name. You can purchase a domain name on Namecheap, get one for free on Freenom, or use the domain registrar of your choice.
- Apache 2.4 installed on your Ubuntu server, with a virtual host file for your domain.
In order to be able to automatically obtain and configure SSL for your web server, Certbot needs to find the correct virtual host within your Apache configuration files. Your server domain name(s) will be retrieved from the ServerName and ServerAlias directives defined within your VirtualHost configuration block.
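An added example, not part of the original article or of Certbot itself: a pre-flight check that lists the host names a virtual host file declares with ServerName and ServerAlias, and reports any name you plan to request that the file does not declare. It assumes a single file with no Include directives; the function names and the sample configuration are constructed for illustration.

```bash
# Added example (not Certbot code): list the names a vhost file declares.
# vhost_names FILE -> one lower-cased name per line, de-duplicated.
vhost_names() {
    awk '
        { sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }     # trim the line
        /^#/ || /^$/ { next }                          # skip comments, blanks
        { key = tolower($1) }                          # directives ignore case
        key ~ /^<virtualhost/   { in_vhost = 1; next }
        key ~ /^<\/virtualhost/ { in_vhost = 0; next }
        in_vhost && (key == "servername" || key == "serveralias") {
            for (i = 2; i <= NF; i++) {
                name = tolower($i)
                sub(/^[a-z]+:\/\//, "", name)   # ServerName may carry a scheme
                sub(/:[0-9]+$/, "", name)       # ... and a port
                if (!(name in seen)) { seen[name] = 1; print name }
            }
        }
    ' "$1"
}

# missing_names FILE NAME... -> prints each NAME the file lacks; returns 1 if any.
missing_names() {
    file=$1; shift; rc=0
    declared=$(vhost_names "$file")
    for want in "$@"; do
        want=$(printf '%s' "$want" | tr 'A-Z' 'a-z')
        if ! printf '%s\n' "$declared" | grep -qxF -- "$want"; then
            printf '%s\n' "$want"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample input, not taken from a real server.
sample_vhost() {
    cat <<'EOF'
<VirtualHost *:80>
    # ServerAlias old.example.com
    ServerName example.com
    serveralias www.example.com WWW.example.com
</VirtualHost>
EOF
}

tmp=$(mktemp) && sample_vhost > "$tmp"
vhost_names "$tmp"
missing_names "$tmp" example.com mail.example.com || echo "^ not declared in the vhost" >&2
rm -f "$tmp"
```

On the server, run it against your own file, for example vhost_names /etc/apache2/sites-available/example.conf.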
Step 1: Install certbot
sudo apt install certbot python3-certbot-apache
Step 2: Update the VirtualHost configuration
sudo nano /etc/apache2/sites-available/example.conf
The contents should be
...
ServerName example.com
ServerAlias www.example.com
...
If the site is not enabled yet, enable it with
sudo a2ensite example.conf
Step 3: Check the Apache VirtualHost configuration
sudo apache2ctl configtest
If the result is OK, reload the Apache server
sudo systemctl reload apache2
Step 4: Obtain an SSL certificate
sudo certbot --apache
First, it will ask for your email address. This email will be used for renewal notifications and security notices.
Next, enter ‘A’ to agree to the Let’s Encrypt terms of service.
Next, enter ‘N’ if you do not want to subscribe to their content.
Next, it will ask which domains you’d like to activate HTTPS for.
Finally, you’ll be prompted to select whether or not you want HTTP traffic redirected to HTTPS.
Step 5: Verifying Certbot Auto-Renewal
sudo systemctl status certbot.timer
Other utility commands:
- To list certificates
sudo certbot certificates
- To delete a certificate
sudo certbot delete --cert-name example.com
- To expand a certificate (list every name the certificate should cover, including the existing ones)
sudo certbot certonly --apache --expand --cert-name example.com -d example.com,www.example.com,mail.example.com
- To test the renewal process, you can do a dry run with
sudo certbot renew --dry-run
In this article, you’ve installed the Let’s Encrypt client certbot, configured and installed an SSL certificate for your domain, and confirmed that Certbot’s automatic renewal service is active within systemctl.
Duoc Le, Devops @ UnDigital®