Installing and Renewing Let's Encrypt SSL on Ubuntu Server and Website

{tocify} $title={Table of Contents}

Introduction:

Securing your website with an SSL certificate is essential to protect the sensitive information of your users and establish trust. Let's Encrypt, a free and widely adopted Certificate Authority, offers a convenient way to obtain and renew SSL certificates. In this article, we will provide a step-by-step guide on installing and renewing Let's Encrypt SSL certificates on Ubuntu server for both NGINX and Apache web servers.



Section 1: Installing Let's Encrypt SSL Certificate

1.1 Installing Certbot:

To begin, you need to install Certbot, a
command-line tool provided by Let's Encrypt, which simplifies the process of obtaining and managing SSL certificates. Open a terminal on your Ubuntu server and run the following commands:

For NGINX:

sudo apt update
sudo apt install certbot python3-certbot-nginx

For Apache:

sudo apt update
sudo apt install certbot python3-certbot-apache

1.2 Obtaining an SSL Certificate:

Once Certbot is installed, you can obtain an SSL certificate by executing the following command:

For NGINX:

sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com

For Apache:

sudo certbot --apache -d yourdomain.com -d www.yourdomain.com

Replace "yourdomain.com" with your actual domain name. Certbot will automatically configure your web server to use the obtained SSL certificate.

Section 2: Renewing Let's Encrypt SSL Certificate

2.1 Automatic Renewal:

Let's Encrypt SSL certificates have a limited validity period, usually 90 days. It is crucial to automate the renewal process to ensure uninterrupted SSL protection. Certbot makes it easy to automate certificate renewal.

2.2 Certbot's Automatic Renewal Timer:

Certbot sets up a systemd timer during installation to automatically check for certificate renewal twice a day. You can verify if the timer is active by running the following command:

sudo systemctl list-timers certbot.timer

2.3 Manual Certificate Renewal:

To manually renew a certificate, execute the following command:

sudo certbot renew

Certbot will check for expiring certificates and renew them if required. Automating this command by setting up a cron job can be a good practice.

Section 3: Configuring Let's Encrypt SSL on NGINX

3.1 NGINX Configuration:

Once the SSL certificate is installed, you need to configure NGINX to use it. Open the NGINX configuration file for your website using a text editor:

sudo nano /etc/nginx/sites-available/yourdomain.com

3.2 Update the Configuration:

Inside the server block, locate the listen directive for port 80 and replace it with the following code to redirect HTTP traffic to HTTPS:

listen 80;
return 301 https://$host$request_uri;

3.3 Enable HTTPS:

Below the HTTP redirect code, add the following code to enable HTTPS:

listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;

3.4 Restart NGINX:

Save the changes and exit the text editor. Restart NGINX to apply the new configuration:

sudo systemctl restart nginx

Section 4: Configuring Let's Encrypt SSL on Apache

4.1 Apache Configuration:

To configure Let's Encrypt SSL on Apache, open the Apache configuration file for your website using a text editor:

sudo nano /etc/apache2/sites-available/yourdomain.com.conf

4.2 Enable HTTPS:

Within the VirtualHost block, locate the line <VirtualHost *:80> and replace it with the following code to redirect HTTP traffic to HTTPS:

<VirtualHost *:80>
    ServerName yourdomain.com
    Redirect permanent / https://yourdomain.com/
</VirtualHost>

4.3 Enable SSL:

Below the HTTP redirect code, add the following code to enable SSL:

<VirtualHost *:443>
    ServerName yourdomain.com
    SSLEngine On
    SSLCertificateFile /etc/letsencrypt/live/yourdomain.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/yourdomain.com/privkey.pem
</VirtualHost>

4.4 Restart Apache:

Save the changes and exit the text editor. Restart Apache to apply the new configuration:

sudo systemctl restart apache2

Conclusion:

Securing your website with Let's Encrypt SSL certificates is crucial for data protection and user trust. With the detailed steps provided in this article, you can easily install and renew Let's Encrypt SSL certificates on your Ubuntu server, whether you are using NGINX or Apache as your web server. By following these guidelines, you ensure the continuous availability of secure HTTPS connections for your website, contributing to a safer online environment for your users.


#php_tutorials #laravel_tutorials #w3_schools_php

Post a Comment

Previous Post Next Post