An SSL (Secure Sockets Layer) certificate is a digital certificate that verifies the identity of a website and enables an encrypted connection between the website and its users. It ensures that data transmitted between the website and its users remains private and secure.
Key Features:
- Authentication: Verifies the website’s identity, assuring users that they are interacting with the intended website.
- Encryption: Scrambles data in transit, making it unreadable to unauthorized parties.
- Trust: Displays a padlock icon in the browser’s address bar, indicating a secure connection and increasing user confidence in the website.
Let’s Encrypt is a free, open, and automated certificate authority (CA) run by the nonprofit Internet Security Research Group (ISRG). It provides website owners with free SSL/TLS certificates to enable HTTPS encryption on their websites. Launched in 2016, Let’s Encrypt aims to make the web a more secure place by simplifying the process of obtaining and installing digital certificates.
Key Features:
- Free: Let’s Encrypt certificates are completely free, eliminating financial barriers to HTTPS adoption.
- Automated: The certificate issuance and renewal process is fully automated, making it easy to manage certificates.
- Open: The organization is transparent, and the certificate authority software is open-source.
- Trusted: Let’s Encrypt certificates are trusted by most browsers and operating systems.
Certbot is a free, open-source software tool that automates the process of obtaining and renewing SSL/TLS certificates from the Let’s Encrypt certificate authority. It simplifies the process of securing your website with HTTPS, ensuring a secure connection between your website and its visitors.
Key Features:
- Automated certificate issuance and renewal
- Support for multiple web servers and operating systems
- Simple and easy-to-use command-line interface
- Free and open-source
1) Install Certbot
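Open a terminal and run the following commands to install Certbot and the plugin for your web server (python3-certbot-nginx for Nginx, python3-certbot-apache for Apache):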
sudo apt-get update
sudo apt-get install certbot
sudo apt-get install python3-certbot-nginx
sudo apt-get install python3-certbot-apache
2) Configure Your Web Server
a) First, create the web server configuration for your website for port 80 / HTTP only.
The entry for port 443 / HTTPS is generated automatically when you run Certbot.
For Apache:
/etc/apache2/sites-available/example.conf
For Nginx:
/etc/nginx/sites-available/example.conf
b) Configure your web server to use the SSL certificate:
Certbot automatically generates the entry for port 443 / HTTPS in the conf file.
For Apache:
sudo certbot --apache -d example.com
For Nginx:
sudo certbot --nginx -d example.com
c) Restart the web server
For Apache:
sudo service apache2 restart
For Nginx:
sudo service nginx restart
3) Verify the SSL Certificate
Verify that the SSL certificate is installed correctly by visiting your website in a web browser:
https://example.com
https://www.example.com
4) Auto-Renew the SSL Certificate
Set up a cron job to auto-renew the SSL certificate every 30 days:
First, run this command to simulate the renewal process, without actually renewing any certificates, and check for issues:
sudo certbot renew --dry-run
Open the crontab file:
sudo crontab -e
Add the following line to your crontab file:
0 0 */30 * * /usr/bin/certbot renew --quiet
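To back up the browser check in step 3 and to confirm that the renewal job in step 4 is keeping the certificate fresh, the following Python script reports the days left before expiry and any expected hostname the certificate does not cover. It is an added example, not part of the original article or of Certbot; WARN_DAYS, the function names and the SAMPLE certificate are assumptions constructed for illustration.

```python
import socket
import ssl
import sys
import time

WARN_DAYS = 30  # assumed alert threshold, not a value from the article

# Constructed sample in the shape getpeercert() returns; not a real certificate.
SAMPLE = {"notAfter": "Jan  5 09:34:43 2018 GMT",
          "subjectAltName": (("DNS", "example.com"),)}


def fetch_cert(host, port=443, timeout=10):
    """Fetch the leaf certificate; the default context validates chain and
    hostname, so an untrusted or mismatched cert raises SSLCertVerificationError."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def covers(cert, hostname):
    """True if a DNS subjectAltName matches hostname (single-label wildcards)."""
    hostname = hostname.lower()
    parent = hostname.split(".", 1)[1] if "." in hostname else None
    for kind, name in cert.get("subjectAltName", ()):
        name = name.lower()
        if kind == "DNS" and (name == hostname or
                              (name.startswith("*.") and name[2:] == parent)):
            return True
    return False


def days_left(cert, now):
    """Whole days from now (epoch seconds) until the notAfter date."""
    return int((ssl.cert_time_to_seconds(cert["notAfter"]) - now) // 86400)


def report(cert, hostnames, now):
    """Summarise expiry and which of the expected hostnames are not covered."""
    left = days_left(cert, now)
    return {"days_left": left,
            "renew_soon": left < WARN_DAYS,
            "missing_names": [h for h in hostnames if not covers(cert, h)]}


if __name__ == "__main__":
    # Usage: python3 check_cert.py example.com www.example.com
    for host in sys.argv[1:]:
        print(host, report(fetch_cert(host), sys.argv[1:], time.time()))
```

A non-empty missing_names list means a hostname was not included when the certificate was requested; a days_left value that keeps shrinking below WARN_DAYS means the scheduled renewal is not succeeding.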