Official Power Up Hosting Blog

Everything about Linux, Windows, and hosting ;)

Sushma Patil
Author

Be bold enough to design your life.

Share


Our Newsletter


Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.

Tags


Twitter


Official Power Up Hosting Blog

How to install and configure Let's Encrypt on Ubuntu 14.04 and 16.04

Sushma PatilSushma Patil

Let's Encrypt is world's first open source SSL program that was launched with an initiative to have a secure web.

..after that launch, it now powers millions of websites.

With the power of Linux and Ubuntu.

...Let's Encrypt makes it extremely easy to install the certificates on Ubuntu 14.04 and Ubuntu 16.04.

Let's learn how to get started with Let's Encrypt.

..and in this guide will well learn how to install and configure Let's Encrypt on Ubuntu 14.04 and Ubuntu 16.04

How SSL is Essential!

SSL is essential to protect our sensitive information and provide greater experience with accessing the website and transferring data.

When user and server are in process of sharing sensitive information.

..then another person should not be able to see and use our information like usernames and passwords and credit card information and other important information.

SSL encrypts that information.

..and the other person will never be able to use and read that information.

Only server and client can use and read!

Let's start with what is SSL (Secure Sockets Layer)

What is SSL?

A Website is a collection of related web pages, various multimedia content, which identifies a common domain name.

A website can be a personal website, a commercial website for a company, a government website or a non-profit organization website.

A Lot of information travels between a web server (host) and a web browser (client) over the world's computer network.

So anyone can wish that their information should be travel securely.

Our sensitive information should be protected and SSL in essential to protect our website.

It provides higher security, data integrity, and also provide a great experience to users while information travels across the world's computer network.

SSL certificates are used within web servers to encrypt the traffic between server and client, providing extra security for users accessing your application.

Let’s Encrypt provides an easy way to obtain and install trusted certificates for free.

Introduction

"Let’s Encrypt is a Certificate Authority (CA) which will help you to obtain free SSL/TLS certificates needed for your server. With the help of this, the server can run securely.

Let's Encrypt SSL allows you to encrypt the transaction your site free of charge.

Here we will learn the entire process of installing the Let's Encrypt client to installing your SSL certificate on Ubuntu 14.04 and Ubuntu 16.04 and set up them on Apache web server and how to renew the certificate automatically.

Prerequisites

An Ubuntu 14.04 server and with sudo (You can always use sudo, in both case"($,#)"users.)

An Ubuntu 16.04 server and with sudo (You can always use sudo, in both case"($,#)"users.)

A public registered domain name that you wish to use the certificate with "A" Records that points your domain to the public IP address of your server.

This is mandatory to validate your domain name that issuing certificate.

1) Install the Let's Encrypt Client

Download the Let’s Encrypt client from the EFF download site by using certbot-auto. After installation, all available update will get automatically.

Download the certbot-auto Let’s Encrypt client to the /usr/local/sbin directory.

#sudo cd /usr/local/sbin
#sudo wget https://dl.eff.org/certbot-auto

Set the execution permission to the script.

#sudo chmod a+x /usr/local/sbin/certbot-auto

Now, Let's Encrypt client is ready and above all commands used for Ubuntu 14.04 server.

Now, We will see how to install let's encrypt on Ubuntu 16.04. If you have system ubuntu 16.04 then please refer below commands:

Download the Let’s Encrypt client from the official repositories by using letsencrypt.

Let's Encrypt client included in the Ubuntu 16.04 repositories is let's encrypt.

Update the server's local apt package and install the client.

#sudo apt-get update
#sudo apt-get install python-letsencrypt-apache

During this process it will ask for confirmation ([y/n]), just type “y” to continue to download your Let's Encrypt.

Now, Let's Encrypt client is ready and above all commands used for Ubuntu 16.04 server.

2) Setting Up the SSL certificate

Now, we will generate the SSL certificate for apache with the help of certbot-auto.

For that make sure you have installed apache.
If you don't have it then install by typing following commands:

#sudo apt-get install apache2
#sudo service apache2 restart

Now, here client will help to obtain and install SSL automatically.

Now here only one domain name is used and that domain name is example.com.

#sudo certbot-auto --apache -d example.com

We can use let's encrypt certificate that will contain multiple domains and subdomains.

The "first domain" name will be base domain and "second domain" will be bare top-level domain name as first in the list.

#sudo certbot-auto --apache -d example.com -d www.example.com

To customize your certificate options, there will be some steps.

After you agree on the license, You have to provide one email address for lost key recovery and notices.

After next box will be open and there you have to select one option between http and https.

You can choose https. Hyper Text Transfer Protocol Secure (HTTPS) it's a secure version of HTTP. With the help of this protocol, the data will transfer securely between client and server.

Once your installation finished, congratulation message will get displayed on your console.

Now view the file /etc/letsencrypt/live to find your Generated certificate.

#sudo ls /etc/letsencrypt/live

Now, all process regards installing let's encrypt are almost done, we have to test status of our SSL certificate, follow the below link.

[https://www.ssllabs.com/ssltest/analyze.html?d=example.com&latest]

We can see our website using https prefix and users can access our website using https prefix.

Here you have seen commands for Ubuntu 14.04 system.

Now, we will see how to setup SSL certificate on Ubuntu 16.04.

Now, we will generate the SSL certificate for apache with the help of let's encrypt.

Now, here client will help to obtain and install SSL automatically.

#sudo letsencrypt --apache -d example.com

We can use let's encrypt certificate that will contain multiple domains and subdomains.

#sudo letsencrypt --apache -d example.com -d www.example.com

After this command follow same above steps (same as for Ubuntu 14.04) to customize your certificate options.

Now view the file /etc/letsencrypt/live to find your Generated certificate.

#sudo ls /etc/letsencrypt/live

Now, all process regards installing let's encrypt are almost done, we have to test status of our SSL certificate, follow the below link.

[https://www.ssllabs.com/ssltest/analyze.html?d=example.com&latest]

3) Setting Up auto Renewal

Let’s Encrypt certificates are valid for 90 days. So as it's valid for 90 days we should renew it after sometimes. And certificates should be renewed every 60 days. Now run auto renew command.

By typing following command, you will receive the following message, because we recently installed the certificate.

For Ubuntu 14.04 system:

#sudo certbot-auto renew
Checking for new version...
Requesting root privileges to run letsencrypt...
/home/sammy/.local/share/letsencrypt /bin/letsencrypt renew
Processing /etc/letsencrypt/renewal/example.com.conf
The following certs are not due for renewal yet:
/etc/letsencrypt/live/example.com/fullchain.pem(skipped)
No renewals were attempted.

For Ubuntu 16.04 system:

#sudo letsencrypt renew
Processing /etc/letsencrypt/renewal/example.com.conf
The following certs are not due for renewal yet:
/etc/letsencrypt/live/example.com/fullchain.pem (skipped)
No renewals were attempted.

Only base domain will be shown in the output, but the renewal should be valid for all domains which are under this certificate.

Renewal will check the expiration date and then it will execute the renewal command, as it should be renewed every 60 days.

We can create a cron job that will run renew command every week or even day.

Now create a cron job that will run renew command every week.

#sudo vim crontab -e

Here one blank file will be open, you have to enter the following details to it and save:

**crontab**

**15 5 * * 5 /usr/bin/certbot-auto renew >> /var/log/le-renew.log**

Save and exit.

For Ubuntu 16.04 system:

**crontab**

**15 5 * * 5 /usr/bin/letsencrypt renew >> /var/log/le-renew.log**

Save and exit.

This will create a new cron job that will execute the let's encrypt-auto renew command every Friday at 5:15 A.M.

To view the newly SSL configuration file for Apache webserver run this file /etc/letsencrypt-auto/options-ssl-apache.conf.

#sudo cat /etc/letsencrypt/options-ssl-apache.conf 

Conclusion

We learned how to create Let's Encrypt SSL certificates and set them up on your Apache web server.

Users can access your website and they can access data and transfer of data between client and server securely.

Share this article with others to learn how to install let's encrypt on ubuntu 14.04 and Ubuntu 16.04.

Sushma Patil
Author

Sushma Patil

Be bold enough to design your life.

Comments