If you have a website then you need to ensure that access to it is secure. One of the ways to do this is to create TLS/SSL certificates that allow you to enable HTTPS to make the connection secure. How to do this? With the help of two tools. So today you will learn how to install Let’s Encrypt (Certbot) on Ubuntu 20.04
What is the difference between Let’s Encrypt and Cerbot?
There are a few things you might be confused about, so before we get started we need to clarify a few things.
First of all, we have Let’s Encrypt. According to their website:
Let’s Encrypt is a free, automated, and open certificate authority brought to you by the nonprofit Internet Security Research Group (ISRG). We give people the digital certificates they need in order to enable HTTPS (SSL/TLS) for websites, for free, in the most user-friendly way we can. We do this because we want to create a more secure and privacy-respecting Web.
Therefore, thanks to them we will be able to generate security certificates for our websites. Best of all, it is free and transparent. This makes it ideal for small and educational projects.
However, Let’s Encrypt works with some clients that allow us to make this process even more automatic. One of these clients is cerbot which we can install and use to generate certificates without any problems.
Therefore, we can say that Certbot is a client for the use of Let’s Encrypt. The project’s website defines it as follows:
Certbot is a free, open-source software tool for automatically using Let’s Encrypt certificates on manually-administrated websites to enable HTTPS.
So with Certbot installed we can take advantage of Let’s Encrypt.
Install Let’s Encrypt (Cerbot) on Ubuntu 20.04
Unlike in RHEL-based distributions where Certbot is not available in the official repositories, it is in Ubuntu. That’s why the installation and configuration are quite quick to do.
Before you start, you need to have a valid domain to create the certificate. If this does not exist then you will not be able to complete it.
Also, the process is automatic for Apache and Nginx, but in this post, we will demonstrate it with Apache.
So, I will connect via SSH to your server and update Ubuntu.
sudo apt update
sudo apt upgrade
After that, you have to install the certbot package from the official repositories. In addition to this, you have to install the Apache or Nginx plugin. As in this case, we are using Apache, the package to install is python3-certbot-apache.
sudo apt install certbot python3-certbot-apache
As they are lightweight packages, the installation should not take too long.
Now we need to get a new certificate for our website.
Get a new certificate using Let’s Encrypt (Certbot) on Ubuntu
With Cerbot installed on the system, we can now obtain the certificates. To do this, you first need to have a correctly made VirtualHost with the ServerName value set to your domain.
Then, you can run this command and get the certificate in question:
sudo certbot --apache -d your-domain
Another option is to add the -d option several times to get multiple certificates for multiple domains.
Then you can use the -d option to specify the domain you want to get the certificate for. Also, you can run certbot without the need to specify the domain.
sudo certbot --apache
In this case, the terminal will show you some screens where you will have to accept the conditions, enter the domain as well as a valid email address that will be used to inform you when there is an error when renewing the certificate.
In the end, to apply the changes, you have to restart Apache.
sudo systemctl restart apache2
Renew certificate with Certbot
The certificates provided by Let’s Encrypt are valid for 90 days. So you have to renew them periodically. One of the ways to do this is to execute the following command
sudo certbot renew
We can also do a simulation of the command, by adding --dry-run to it.
sudo certbot renew --dry-run
If all goes well, you will have the option to renew it manually.
In Ubuntu a task is included in the cron where this process is done automatically, you can check it as follows:
sudo systemctl status certbot.timer
So, with this, you can now enable HTTPS for accessing your website.
Conclusion
Enabling HTTPS connections should become one of your priorities to make your website more visited and to protect the transmitted data. Especially if they are dynamic websites.
Now thanks to this post, you know how to do it with Certbot on Ubuntu 20.04. But you can also do it on CentOS 8.
Help us to grow by sharing this post and leaving us a comment.
