January 17, 2023

How to set up a free auto-renewable SSL certificate with Certbot or Let’s Encrypt and NGINX

Let’s Encrypt provides free SSL certificates for your websites and also modifies your nginx config to ensure you always have a secure connection. It’s great!

You are able to do this with Apache or Nginx. So the first thing we need to do is SSH into your server as the root user to begin.

Installing Certbot / Let’s Encrypt

The official documentation can be found here. In previous versions we would install certbot directly; in the newer versions, however, we are going to be using the snapd package manager. Don’t worry, it’s still as easy as it was.

The following steps are done in your command line while SSH’d in your server:

Step 1 Install snapd

sudo apt install snapd

Step 2 Ensuring we have the latest version of snapd

sudo snap install core; sudo snap refresh core

Step 3 Installing Certbot

sudo snap install --classic certbot

Step 4 Make Certbot easily available in your command line – also called a symlink

sudo ln -s /snap/bin/certbot /usr/bin/certbot

We are now ready to start creating our SSL certificates.

Issue the SSL certificate with Certbot

Now we will use Certbot to read our Nginx/Apache configs and, with the command line options, select which hosts (websites) we want to issue SSL certificates for. We will also be able to select whether we want to force connections to always be HTTPS by always redirecting HTTP to HTTPS. I recommend we always select that option.

Step 1 Run Certbot

If you are using Apache:

sudo certbot --apache

If you are using Nginx:

sudo certbot --nginx

You will now follow the options as I explained above; Certbot makes it quite easy to follow. If you do have any questions, feel free to comment below and I will help :).

You can also specify which websites you want to issue the certificate for by using the -d parameter:

sudo certbot --nginx -d website.com -d another-website.com

Step 2 Add your email address – Certbot will notify you here once a certificate is due for renewal

Step 3 Accept the terms and continue to follow the questions by Certbot

SSL Maintenance & what’s next?

The certificates issued by Certbot will last 90 days. Don’t worry, Certbot will check every 2 days for your certificates and renew them. In the off chance that this doesn’t work, you can just run the command in Step 1 and select “Renew”.

You can also check the Certbot auto renewal timer by using the following command:

systemctl show certbot.timer
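
To catch the off chance that automatic renewal silently stops working, here is a small expiry check you can run from cron or a monitoring host. It is an added example, not part of the original post or of Certbot itself; it assumes GNU date and the openssl CLI are installed, and that Certbot's renewal window is 30 days before expiry. The function names and the sample date are made up for illustration.

```shell
# Added example (not from the original post). Assumes GNU date and openssl.
# Assumption: Certbot renews once fewer than 30 days remain, so a served
# certificate below that threshold means automatic renewal is failing.
WARN_DAYS=30

# secs_left "<notAfter line>" <now-epoch>
# Input is the line printed by `openssl x509 -noout -enddate`,
# e.g. "notAfter=Apr 17 10:00:00 2023 GMT" (constructed sample).
secs_left() {
    local end_epoch
    end_epoch=$(date -u -d "${1#notAfter=}" +%s) || return 2
    echo $(( end_epoch - $2 ))
}

# cert_status "<notAfter line>" <now-epoch>
# Prints EXPIRED, RENEWAL_OVERDUE (n days left) or OK (n days left).
cert_status() {
    local secs
    secs=$(secs_left "$1" "$2") || return 2
    if [ "$secs" -le 0 ]; then
        echo "EXPIRED"
    elif [ "$secs" -lt $(( WARN_DAYS * 86400 )) ]; then
        echo "RENEWAL_OVERDUE ($(( secs / 86400 )) days left)"
    else
        echo "OK ($(( secs / 86400 )) days left)"
    fi
}

# live_enddate <host>: notAfter line of the certificate the server presents.
live_enddate() {
    echo | openssl s_client -connect "$1:443" -servername "$1" 2>/dev/null \
        | openssl x509 -noout -enddate 2>/dev/null
}

# Usage: sh check-cert.sh website.com another-website.com
for host in "$@"; do
    if line=$(live_enddate "$host"); then
        echo "$host: $(cert_status "$line" "$(date +%s)")"
    else
        echo "$host: could not fetch certificate"
    fi
done
```

It checks the certificate the server actually presents, so it also catches the case where renewal succeeded but the web server was never reloaded. Running `sudo certbot renew --dry-run` on the server exercises the renewal path itself without replacing the live certificate.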
