How to Setup Let’s Encrypt on Ubuntu 18.04

Reading Time: 3 minutes

Sites with SSL are needed more and more every day. Its ubiquitous enforcement challenges website encryption and is even an effort that Google has taken up. Certbot and Let’s Encrypt are popular solutions for big and small businesses alike because of the ease of implementation.  Certbot is a software client that can be downloaded on a server, like one of our Ubuntu VPS servers, to install and auto-renew SSLs. It obtains these SSLs by working with the well known SSL provider called Let’s Encrypt. In this tutorial, we’ll be showing you a swift way of getting HTTPS enabled on your site.  Let’s get started!

Pre-flight

Step 1: Update apt to ensure we are working with the latest package tool.

apt update && upgrade

Step 2: We’ll install the Certbot software, as this will aid in obtaining the SSL (certificates) from Let’s Encrypt.  Type Y when prompted to continue.

sudo apt install certbot

Step 3: Installing Certbot’s Apache package is also required. Type Y when prompted to continue.

apt install python-certbot-apache

Step 4: Time to attain the SSL from Let’s Encrypt.  Enter your email address and go through the prompts.  This step will look through your /etc/apache2/sites-available/yourdomain.com.conf file, specifically the website name set with the ServerName directive.

Note
If your installation gives the “Failed authorization procedure” message ensure you have followed the steps in the Apache Configuration article and that the A record is set for your domain.

certbot --apache

-------------------------------------------------------------------------------
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v01.api.letsencrypt.org/directory
-------------------------------------------------------------------------------
(A)gree/(C)ancel: A

Your choice to opt in to their newsletter.
-------------------------------------------------------------------------------
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about EFF and
our work to encrypt the web, protect its users and defend digital rights.
-------------------------------------------------------------------------------
(Y)es/(N)o:

Jumping from our Apache Configuration tutorial, we want both of our domains covered with the option of www and non www for our visitors. We’ll leave the input blank and hit ENTER.

Which names would you like to activate HTTPS for?
-------------------------------------------------------------------------------
1: domain.com
2: www.domain.com
3: domain2.com
4: www.domain2.com
-------------------------------------------------------------------------------
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):

In our tutorial we will select the Redirect option, you may choose No redirect if you would still like your site reachable through HTTP.

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
-------------------------------------------------------------------------------
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):2

A congratulation message will appear as well as instructions of where your SSL certificates are, just in case you need them later.

- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/domain.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/domain.com/privkey.pem
Your cert will expire on 2019-07-16. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
Donating to EFF:                    https://eff.org/donate-le

Step 5: Verify your domain was issued the Let’s Encrypt SSL by visiting your site in the browser.  Be sure to clear your browser if you don’t readily see the SSL lock.SSL lock

You now have an SSL encrypting the traffic to your site.  A few things to point out:

  • SSLs are valid for 90 days at a time
  • Let’s Encrypt will automatically renew
  • Any notifications from Let’s Encrypt will be sent to the email address specified in the .conf file

Get our fully Managed VPS servers, and you can control Let’s Encrypt through your WHM control panel.  Not only will you get a clean control panel to adjust server aspects but you also get 24/7 support at your fingertips.  See how our servers can make admin tasks easier!

Avatar for Echo Diaz

About the Author: Echo Diaz

Throughout Echo's four year stint as a technical support specialist, her passion for breaking down complex concepts had to lead to a career in professional writing. As a former top tier support specialist, she added a distinctive element to her written work that spoke to customer feedback and concerns. Echo occasionally pops her head out from behind her computer to watch her dog energetically run around the yard and unabashedly shovels money into buying tickets to see her favorite musical artists.

Latest Articles

Blocking IP or whitelisting IP addresses with UFW

Read Article

CentOS Linux 7 end of life migrations

Read Article

Use ChatGPT to diagnose and resolve server issues

Read Article

What is SDDC VMware?

Read Article

Best authentication practices for email senders

Read Article