How To Configure Free SSL Certificate Using Certbot On Ubuntu

We can install and configure a free Let's Encrypt SSL certificate using Certbot on Ubuntu 18.04. Let's see how to install free SSL on Ubuntu.


First of all, you should have a domain. If you don't have a domain, you can get one from Freenom free of cost for 3 months. I already have a domain, gowithlinux.com, and I will configure SSL for that domain on an AWS EC2 instance.


Apache Configuration:

We need to install Apache on Ubuntu and configure it. Use the command below.

sudo apt install apache2

Start and enable the apache service. 

sudo systemctl start apache2 && sudo systemctl enable apache2

Check the apache status. 

root@certbot:~# systemctl status apache2
apache2.service - The Apache HTTP Server
     Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor prese>
     Active: active (running) since Sun 2020-08-09 13:40:40 UTC; 1min 2s ago
       Docs: https://httpd.apache.org/docs/2.4/
   Main PID: 2320 (apache2)
      Tasks: 55 (limit: 1164)
     Memory: 5.4M
     CGroup: /system.slice/apache2.service
             ├─2320 /usr/sbin/apache2 -k start
             ├─2322 /usr/sbin/apache2 -k start
             └─2323 /usr/sbin/apache2 -k start

Create an index.html file under the directory /var/www/html.

root@certbot:~# cd /var/www/html/
root@certbot:/var/www/html# echo "Cerbot FreeSSL" > index.html

We have to create a VirtualHost file to run the website on the server. 

vim /etc/apache2/sites-available/gowithlinux.conf

<VirtualHost *:80>
ServerAdmin web@localhost
ServerName gowithlinux.com
ServerAlias www.gowithlinux.com
DocumentRoot /var/www/html/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>


Activate the configuration file using the command below and reload the Apache service as well.

root@certbot:/etc/apache2/sites-available# a2ensite gowithlinux.conf
Site gowithlinux already enabled
root@certbot:/etc/apache2/sites-available# systemctl reload apache2

Now we need to disable the default virtual host file and reload the service.

root@certbot:/etc/apache2/sites-available# a2dissite 000-default.conf
Site 000-default disabled.

To activate the new configuration, you need to run:
systemctl reload apache2

root@certbot:/etc/apache2/sites-available# systemctl reload apache2

We can also check the configuration file for syntax errors before reloading the service.

root@certbot:/etc/apache2/sites-available# apache2ctl configtest
Syntax OK

As you can see, we have successfully configured Apache and it's working fine.


Configure the firewall rules:

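Check the status using the ufw status command on Ubuntu. If it's inactive, you can activate the firewall. On a remote server, make sure a rule allowing SSH is in place first: ufw denies incoming connections by default and, as the prompt below warns, enabling it may disrupt existing SSH connections.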

root@certbot:~# ufw status
Status: inactive
root@certbot:~# ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup
root@certbot:~# ufw status
Status: active

Allow Apache through the firewall using the command below.

root@certbot:~# ufw allow 'Apache Full'
Rule added
Rule added (v6)

Configure Free SSL Using Certbot:

We have to add the Certbot repository and install the Certbot package for Apache using the commands below.

add-apt-repository ppa:certbot/certbot
apt install python-certbot-apache

Create a certificate for your domain with the below command. 

root@certbot:~# certbot --apache -d gowithlinux.com -d www.gowithlinux.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): abc@gmail.com

Accept the terms of service. 

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for gowithlinux.com
http-01 challenge for www.gowithlinux.com
Enabled Apache rewrite module
Waiting for verification...
Cleaning up challenges
Created an SSL vhost at /etc/apache2/sites-available/gowithlinux-le-ssl.conf
Enabled Apache socache_shmcb module
Enabled Apache ssl module
Deploying Certificate to VirtualHost /etc/apache2/sites-available/gowithlinux-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/gowithlinux-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-available/gowithlinux-le-ssl.conf


Now it will ask whether to redirect HTTP requests to HTTPS. You can choose according to your needs; if you choose the redirect, Certbot will also automatically write the rewrite rules in your VirtualHost config file.

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Enabled Apache rewrite module
Redirecting vhost in /etc/apache2/sites-enabled/gowithlinux.conf to ssl vhost in /etc/apache2/sites-available/gowithlinux-le-ssl.conf

Once you have selected the option, Certbot will start working on it. Certbot has successfully installed the free SSL certificate on the domain.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://gowithlinux.com and
https://www.gowithlinux.com
Certificate file location: /etc/letsencrypt/live/gowithlinux.com

Now we need to change the “A” record at your domain provider. I am logged in to GoDaddy. Open the DNS settings for your domain.


Point your domain to the server's public IP as shown in the figure below.


Just set your server's IP in this record.


Click on the “Lock icon” in the browser to see who issued the certificate.


We've successfully installed the Let's Encrypt free SSL certificate on Ubuntu 18.04. In a similar way, you can install it on any Ubuntu release.

Certbot Renew the Certificate:

To renew the certificate automatically, we need to set up a cron job. Open the crontab using the crontab -e command and add the line below. It runs certbot renew every day at 01:00, and certbot renews a certificate only when it is within 30 days of expiring. The redirection sends both standard output and standard error to /dev/null.

0 1 * * * /usr/bin/certbot renew > /dev/null 2>&1

To test the renewal process, use the command below.

sudo certbot renew --dry-run
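
Because the cron job runs unattended, a failed renewal can go unnoticed until the certificate expires. The script below is an added example, not part of the original article: it reads a certificate's notAfter date and reports whether it is still outside the 30-day renewal window, inside it, or already expired. The function names are hypothetical, and it assumes GNU date and the openssl command-line tool.

```bash
#!/bin/sh
# Added example, not from the original article. Function names are
# hypothetical; assumes GNU date (-d) and the openssl command-line tool.

RENEW_WINDOW_DAYS=30   # certbot renew acts when fewer than 30 days remain

# cert_state "<notAfter text>" [now_epoch]
# Prints: ok (outside the window), due (inside it), or expired.
cert_state() (
    end=$(date -u -d "$1" +%s) || exit 2     # unparsable date -> error
    now=${2:-$(date -u +%s)}                 # optional clock override
    left=$(( end - now ))
    if [ "$left" -le 0 ]; then
        echo expired
    elif [ "$left" -lt $(( RENEW_WINDOW_DAYS * 86400 )) ]; then
        echo due                             # renewal should already have run
    else
        echo ok
    fi
)

# check_cert <path to PEM certificate>
# Reads the notAfter field with openssl and classifies it.
check_cert() (
    not_after=$(openssl x509 -in "$1" -noout -enddate) || exit 2
    cert_state "${not_after#notAfter=}"
)

# Run against a real certificate only when a path is given, e.g.
#   sh check-cert.sh /etc/letsencrypt/live/gowithlinux.com/fullchain.pem
if [ -n "${1:-}" ]; then
    state=$(check_cert "$1") || exit 2
    echo "$1: $state"
    [ "$state" = ok ]    # non-zero exit lets cron or monitoring raise an alert
fi
```

Scheduling this separately from the renewal job gives an independent signal: a result of due on several consecutive days means certbot renew has been failing.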

That’s it.


I'm the founder of Curious Viral. I hope this blog will provide you complete information about Linux Technology & I would like to share my technical knowledge with you which I have learned during this period.
