Installing Certbot and Setting Up Let’s Encrypt SSL on Ubuntu

Let’s Encrypt is a free, automated, and open Certificate Authority (CA) that provides SSL certificates to enable HTTPS on websites. Certbot is a tool that simplifies the process of obtaining and installing Let’s Encrypt SSL certificates. In this guide, we will walk you through installing Certbot and configuring it to secure your Ubuntu web server with an SSL certificate.


Step 1: Install Certbot on Ubuntu

First, you need to install Certbot and the necessary plugin for your web server. If you're using Nginx or Apache, there are specific plugins available. Follow the steps below to install Certbot:

sudo apt update
sudo apt install certbot python3-certbot-nginx

These commands refresh the package index and install Certbot together with its Nginx plugin. If you're using Apache, replace python3-certbot-nginx with python3-certbot-apache.

Step 2: Obtain an SSL Certificate with Certbot

Now that Certbot is installed, you can use it to obtain an SSL certificate for your domain. Run the following command to automatically configure SSL for your web server:

sudo certbot --nginx

If you are using Apache, use this command instead:

sudo certbot --apache

Certbot will automatically detect your web server and attempt to configure it for SSL. You will be asked to provide your email address and agree to the terms of service. Certbot will then request the SSL certificate from Let’s Encrypt and install it for your domain.

Step 3: Verify SSL Installation

Once Certbot has finished installing the SSL certificate, you should verify that your site is now using HTTPS. Open your browser and navigate to your domain with https:// (e.g., https://yourdomain.com). You should see a padlock symbol next to the URL, indicating that the connection is secure.

Step 4: Automatically Renew SSL Certificates

Let’s Encrypt certificates are valid for 90 days, so it’s essential to set up automatic renewals to ensure that your SSL certificate stays up to date. Certbot includes a built-in cron job that automatically renews your certificates. To verify that the renewal process is working, you can run a dry-run test:

sudo certbot renew --dry-run

This will simulate the renewal process and ensure that there are no issues with your setup. Certbot will automatically renew the certificate when necessary.

Step 5: Redirect HTTP Traffic to HTTPS

To ensure that all traffic is served over HTTPS, it’s a good practice to redirect HTTP requests to HTTPS. Certbot can automatically configure this for you when installing the certificate. If it hasn’t been done, you can manually set up a redirect in your web server’s configuration.

For Nginx:

Ensure that the following server block is present in your Nginx configuration file (usually located in /etc/nginx/sites-available/ or /etc/nginx/sites-enabled/):

server {
    listen 80;
    server_name yourdomain.com www.yourdomain.com;
    return 301 https://$host$request_uri;
}

For Apache:

In Apache, you can use a VirtualHost directive to enforce HTTPS redirection. Add the following configuration in your Apache config file (usually located in /etc/apache2/sites-available/000-default.conf):

<VirtualHost *:80>
    ServerName yourdomain.com
    Redirect permanent / https://yourdomain.com/
</VirtualHost>
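
As an added example (not part of the original guide or of Certbot), the script below checks from the command line what Steps 3 to 5 set up: that port 80 answers with a permanent redirect to https:// and that the served certificate is not close to expiry. It assumes curl, openssl and GNU date are installed; the function names, the 21-day threshold and the file name check_tls.sh are choices made for this example.

```shell
#!/bin/sh
# Added example: post-install checks for Steps 3-5. Not part of Certbot.
# Assumes curl, openssl and GNU date (as on Ubuntu).
WARN_DAYS=21   # constructed threshold for this example

# Succeed only if the raw HTTP response headers on stdin are a permanent
# redirect (301 or 308) whose Location starts with https://.
is_https_redirect() {
    headers=$(tr -d '\r')
    status=$(printf '%s\n' "$headers" | awk 'NR == 1 { print $2 }')
    target=$(printf '%s\n' "$headers" |
        awk 'tolower($1) == "location:" { print $2; exit }')
    case "$status" in 301|308) ;; *) return 1 ;; esac
    case "$target" in https://*) return 0 ;; *) return 1 ;; esac
}

# Print whole days between epoch time $2 and the expiry in $1, where $1 is
# a line as printed by `openssl x509 -noout -enddate` ("notAfter=...").
days_left() {
    case "$1" in notAfter=*) ;; *) return 2 ;; esac
    end=$(date -u -d "${1#notAfter=}" +%s) || return 2
    echo $(( (end - $2) / 86400 ))
}

# Run both checks against a live host; returns non-zero if either fails.
check_site() {
    domain=$1 rc=0
    if curl -sI --max-time 10 "http://$domain/" | is_https_redirect; then
        echo "redirect: OK"
    else
        echo "redirect: port 80 does not redirect to HTTPS"; rc=1
    fi
    not_after=$(openssl s_client -connect "$domain:443" -servername "$domain" \
        </dev/null 2>/dev/null | openssl x509 -noout -enddate 2>/dev/null)
    if left=$(days_left "$not_after" "$(date +%s)") && [ "$left" -ge "$WARN_DAYS" ]; then
        echo "certificate: OK, $left days left"
    else
        echo "certificate: unreadable or under $WARN_DAYS days left (${left:-?})"; rc=1
    fi
    return $rc
}

# Usage: sh check_tls.sh yourdomain.com
if [ $# -gt 0 ]; then check_site "$1"; fi
```

Because the script exits non-zero when either check fails, it can be run from a monitoring job to catch a renewal that has silently stopped working.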

Conclusion

You've successfully installed Certbot and configured Let’s Encrypt SSL on your Ubuntu server! Your website is now protected with HTTPS, ensuring encrypted communication between your server and visitors. You’ve also set up automatic certificate renewal to maintain secure connections.
