SSL

Let’s Encrypt is an SSL certificate authority managed by the Internet Security Research Group (ISRG). It utilizes the Automated Certificate Management Environment (ACME) to automatically deploy free SSL certificates that are trusted by nearly all major browsers.

1. Update/Upgrade your system

sudo apt update && sudo apt upgrade

2. Download and Install Lets Encrypt

sudo apt-get install git

3. Download a clone of Let’s Encrypt from the official GitHub repository. /opt is a common installation directory for third-party packages, so let’s install the clone to /opt/letsencrypt:

sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt

4. Navigate to the new /opt/letsencrypt directory:

cd /opt/letsencrypt

5. Create the certificate

Run Let’s Encrypt with the --standalone parameter. For each additional domain name requiring a certificate, add -d example.com to the end of the command.

sudo -H ./letsencrypt-auto certonly --standalone -d example.com -d www.example.com

If you receive this error, stop your Apache server and try again.

Problem binding to port 80: Could not bind to IPv4 or IPv6.

Agree to the Terms of Service and specify if you would like to share your email address with EFF:

-------------------------------------------------------------------------------
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v01.api.letsencrypt.org/directory
-------------------------------------------------------------------------------
(A)gree/(C)ancel:

If all goes well, you should receive a result like this:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Obtaining a new certificate

IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/example.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/example.com/privkey.pem
Your cert will expire on 2019-09-27. To obtain a new or tweaked
version of this certificate in the future, simply run
letsencrypt-auto again. To non-interactively renew *all* of your
certificates, run "letsencrypt-auto renew"
- If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

6. Configure your Virtual Host, it should be similar to this, one entry for port 80 and a duplicated block for port 443:

<VirtualHost *:80>
ServerName example.com
ServerAlias www.example.com
ServerAdmin example@email.com
DocumentRoot /var/www/html/example/src/wordpress
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

<VirtualHost *:443>
SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
ServerName example.com
ServerAlias www.example.com
ServerAdmin example@email.com
DocumentRoot /var/www/html/example/src/wordpress
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

7. Check for the certificated domains:

sudo ls /etc/letsencrypt/live

8. All your certificated sites should be under this path, you also can check with this command:

./certbot-auto certificates

Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
Certificate Name: example.com
Domains: camilalui.com
Expiry Date: 2019-09-27 16:01:19+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/camilalui.com-0001/fullchain.pem
Private Key Path: /etc/letsencrypt/live/camilalui.com-0001/privkey.pem
Certificate Name: camilalui.com
Domains: example.com www.example.com
Expiry Date: 2019-09-27 09:19:23+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/example.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/example.com/privkey.pem
Certificate Name: food.camilalui.com
Domains: web2.example.com
Expiry Date: 2019-09-27 16:37:52+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/web2.example.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/web2.example.com/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

9. Restart your Apache to apply your changes

service apache2 restart

10. Test your SSL website use:

https://www.ssllabs.com/ssltest/

For more information: Let’s Encrypt Homepage

Camila Lui

Tech Blog and Other Stuff

How to use Lets Encrypt (Debian / Ubuntu)