CertBot install ubuntua

How To Install a Let’s Encrypt SSL Certbot for Apache and Ubuntu 20.04

Certbot is part of EFF’s effort to encrypt the entire Internet. Secure communication over the Web relies on HTTPS, which requires the use of a digital certificate that lets browsers verify the identity of web servers (e.g., is that really google.com?). Web servers obtain their certificates from trusted third parties called certificate authorities (CAs). Certbot is an easy-to-use client that fetches a certificate from Let’s Encrypt—an open certificate authority launched by the EFF, Mozilla, and others—and deploys it to a web server.

Anyone who has gone through the trouble of setting up a secure website knows what a hassle getting and maintaining a certificate is. Certbot and Let’s Encrypt can automate away the pain and let you turn on and manage HTTPS with simple commands. Using Certbot and Let’s Encrypt is free, so there’s no need to arrange payment.

Installation of CertBot:

sudo apt update && sudo apt install certbot python-certbot-apache

Now lets get our new CertBot certificate

sudo certbot --apache

You will be asked some questions like your email, do agree to the Terms of Service and so on. Please fill them for your needs.

Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel): Enter an email address where you can be contacted in case of urgent renewal and security notices. Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must agree in order to register with the ACME server at https://acme-v02.api.letsencrypt.org/directory ------------------------------------------------------------------------------- (A)gree/(C)ancel: Press a and ENTER to agree to the Terms of Service. Would you be willing to share your email address with the Electronic Frontier Foundation, a founding partner of the Let's Encrypt project and the non-profit organization that develops Certbot? We'd like to send you email about EFF and our work to encrypt the web, protect its users and defend digital rights. ------------------------------------------------------------------------------- (Y)es/(N)o: Press n and ENTER to not share your email address with EFF. Which names would you like to activate HTTPS for? - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: example.com 2: www.example.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate numbers separated by commas and/or spaces, or leave input blank to select all options shown (Enter 'c' to cancel):
Code language: PHP (php)

Now lets test our certificate

The site ssllabs.com/ssltest/ is perfect for testing

Auto Renewal

As Let’s Encrypt certs expire after 90 days, they need to be checked for renewal periodically. Certbot will automatically run twice a day and renew any certificate that is within thirty days of expiration.

To test that this renewal process is working correctly, you can run:

sudo certbot renew --dry-run

Conclusion

In conclusion Certbot is one of the best tools for the job. It’s automatic, it’s free and on top of that is very easy to install and maintain.

Leave a Reply

Your email address will not be published. Required fields are marked *