How to set up Let’s Encrypt SSL on Ubuntu 18.04 and 16.04 LTS

Let’s Encrypt is a certificate authority (CA) that provides free SSL/TLS certificates. You can obtain a valid SSL certificate for your domain name for free. These certificates are also available for production use. Certificates can only be requested from servers pointing to the domain. Let’s Encrypt performs a DNS check on the domain, which points to the current server. Afterwards, it issues the certificate. This article will introduce how to install Let’s Encrypt client on Ubuntu system and issue an SSL certificate for this domain.

Step 1: Prerequisites

Before you begin this task, it is assumed that you already have:

Usage sudo privilege shell access to the running Ubuntu system. The domain name is registered and points to the server's public IP address. In this article, we use example.com and

www.example.com, which points to our server. Run a web server configured with virtualhost (e.g. .com) and www.example.com on port 80.

Step 2: Install Let’s Encrypt client

Download certbot-auto, Let’s Encrypt client and save it in the /usr/sbin directory. Use the following command to do this.

$ sudo wget https://dl.eff.org/certbot-auto -O /usr/sbin/certbot-auto
$ sudo chmod a+x /usr/sbin/certbot-auto

Step 3: Obtain an SSL Certificate

Let’s Encrypt automatically performs strong domain verification and verifies domain ownership. After the Certificate Authority (CA) verifies the authenticity of the domain, an SSL certificate is issued.

$ sudo certbot-auto certonly --standalone -d example.com  -d www.example.com

The above command will prompt for an email address that will be used to send email alerts related to SSL renewal and expiration. In addition, there are still some problems. Once completed, it will issue the SSL certificate and create a new virtual host profile on your system.

Step 4: Check SSL Certificate

If everything goes well. New SSL will be released at the location below. Navigate to the directory below and view the files.

cd /etc/letsencrypt/live/example.com
ls

File List:

 cert.pem
  chain.pem
  fullchain.pem
  privkey.pem

Step 5: Configure SSL Virtual Host

Use the following configuration for the Apache and Nginx web servers. Edit the virtual host configuration file and add the following certificate entries.

Nginx:

ssl on;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

Apache:

SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem

Step 6: Configure SSL automatic renewal

Finally, in Configure the following job on the server crontab to automatically renew the SSL certificate when needed.

0 2 * * * sudo /usr/sbin/certbot-auto -q renew

This article has ended here. For more other exciting content, you can pay attention to the Linux Video Tutorial column on the PHP Chinese website! ! !

The above is the detailed content of How to set up Let’s Encrypt SSL on Ubuntu 18.04 and 16.04 LTS. For more information, please follow other related articles on the PHP Chinese website!