Install FREE SSL/TLS Certificate on Apache with Let’s Encrypt on Ubuntu 18.04/20.04

SSL certificates are used to encrypt the traffic between a web server and its clients, and they provide extra security for users accessing a web application. Let’s Encrypt provides an easy way to obtain and install trusted certificates at no cost. This guide shows you how to install a FREE SSL/TLS certificate with Let’s Encrypt on an Ubuntu 18.04/20.04 server running Apache as the web server.

Prerequisites

  • An Ubuntu 18.04/20.04 server with a non-root sudo-enabled user
  • Apache web server installed with one or more domain names configured properly through Virtual Hosts specifying ServerName.

Installing Let’s Encrypt Client

Let’s Encrypt certificates are fetched through client software running on your server. Certbot is the official client, and its developers usually maintain their own Ubuntu repository with up-to-date versions.

As you may already know, the latest Ubuntu release, 20.04, uses Python 3, so the installation steps on an Ubuntu 20.04 server are different.

Install Let’s Encrypt Client on Ubuntu 18.04

First, add the repository,

$ sudo add-apt-repository ppa:certbot/certbot

Next, you need to press ENTER to accept. Afterwards, update the package list to get new repository package information,

$ sudo apt-get update

Now install Certbot from the new repository with apt-get,

$ sudo apt-get install python-certbot-apache

The Certbot Let’s Encrypt client is now properly installed on your Ubuntu 18.04 server.

Install Let’s Encrypt Client on Ubuntu 20.04

On the latest Ubuntu release, there is no need to add the certbot repository. Just run the following command to install the certbot client on your Ubuntu 20.04 server. Make sure you use the python3 package name in the command,

$ sudo apt install certbot python3-certbot-apache

The Certbot Let’s Encrypt client is now ready to use on Ubuntu 20.04.

Setting up Let’s Encrypt SSL Certificate

Obtaining an SSL certificate for the Apache web server with Certbot is very simple. The certbot client automatically obtains and installs a new SSL certificate that is valid for the given domains for 3 months.

To execute the interactive installation and obtain a certificate that covers only a single domain, run the certbot command as follows,

$ sudo certbot --apache -d Domain-name.com

If you want a single certificate that is valid for more than one domain or subdomain, you can pass them as additional parameters in the command. In this example, Domain-name.com is the base domain.

$ sudo certbot --apache -d Domain-name.com -d www.Domain-name.com

Once the dependencies are installed, you will be taken through a step-by-step prompt to customize your certificate options. You have to provide an email address, which is used for lost-key recovery and for notices and warnings. You then have to choose between enabling both HTTP and HTTPS access or forcing all requests to redirect to HTTPS. It is usually safest to redirect to HTTPS unless you have a specific need for unencrypted HTTP traffic.

Verify the Let’s Encrypt Certificate Installation

You can verify the status of your SSL certificate with the following link (please replace the domain in the URL with your base domain):

https://www.ssllabs.com/ssltest/analyze.html?d=example.com&latest

You will now be able to access your website using the https:// prefix in the website URL.

SSL Certificate Auto-Renewal

Let’s Encrypt certificates are valid for only 90 days. However, the certbot client takes care of this by running certbot renew twice a day via a systemd timer. On non-systemd distributions, this functionality can be added by a cron script placed in /etc/cron.d. This task runs twice a day and renews any certificate that expires within thirty days.

To test the renewal process, you can do a dry run with certbot,

$ sudo certbot renew --dry-run

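If you see no errors, you’re all set. If the renewal process ever fails, Let’s Encrypt will send an email to the address you specified, warning you that your certificate is about to expire.

We recommend you put the following entry in your crontab file. It runs twice a day and takes care of auto-renewal of your Let’s Encrypt certificate. Note that output is discarded with "> /dev/null 2>&1"; writing "& > /dev/null" instead would only put certbot in the background without redirecting anything.

0 */12 * * * /usr/bin/certbot renew > /dev/null 2>&1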
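
Because the renewal job discards its output, it helps to check its result independently. The script below is an added example, not part of the original guide: it flags a certificate that has dropped below the thirty-day renewal window described above, and compares the certificate on disk with the one Apache actually serves. It assumes GNU date (as on Ubuntu), the openssl command, and certbot's default /etc/letsencrypt/live/<domain>/cert.pem path; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: renewal monitor for a certbot-managed Apache host.
# certbot renews once fewer than 30 days remain, so a certificate
# below that threshold means renewal has been failing.
RENEW_WINDOW_DAYS=30

# seconds_left NOT_AFTER [NOW_EPOCH]: seconds until the expiry date
seconds_left() {
    end=$(date -u -d "$1" +%s) || return 2
    now=${2:-$(date -u +%s)}
    echo $((end - now))
}

# cert_status NOT_AFTER [NOW_EPOCH]: prints OK, RENEWAL_OVERDUE or EXPIRED
cert_status() {
    left=$(seconds_left "$1" "$2") || { echo UNKNOWN; return 2; }
    if [ "$left" -le 0 ]; then echo EXPIRED; return 1; fi
    if [ "$left" -lt $((RENEW_WINDOW_DAYS * 86400)) ]; then
        echo RENEWAL_OVERDUE; return 1
    fi
    echo OK
}

# Expiry date of a certificate file on disk
not_after_of_file() {
    openssl x509 -in "$1" -noout -enddate | cut -d= -f2
}

# Expiry date of the certificate the web server presents on port 443
not_after_of_host() {
    echo | openssl s_client -connect "$1:443" -servername "$1" 2>/dev/null |
        openssl x509 -noout -enddate | cut -d= -f2
}

# Usage (as root, the live/ directory is not world-readable):
#   sudo sh check-renewal.sh Domain-name.com
if [ $# -ge 1 ]; then
    disk=$(not_after_of_file "/etc/letsencrypt/live/$1/cert.pem")
    live=$(not_after_of_host "$1")
    echo "on disk: $disk -> $(cert_status "$disk")"
    echo "served:  $live -> $(cert_status "$live")"
    # A renewed file that Apache has not picked up shows as a mismatch
    [ "$disk" = "$live" ] || echo "MISMATCH: Apache serves a different certificate; reload Apache"
fi
```

A MISMATCH line with an OK status on disk means certbot renewed the file but Apache is still serving the old certificate.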

Conclusion

In this guide, we saw how to install a FREE SSL/TLS certificate on Apache with Let’s Encrypt on Ubuntu 18.04/20.04.

Ravindra Kumar

Hi, This is Ravindra. I am founder of TheCodeCloud. I am AWS Certified Solutions Architect Associate & Certified in Oracle Cloud as well. I am DevOps and Data Science Enthusiast.
