Let’s Encrypt is a certificate authority (CA) that provides free SSL/TLS certificates. You can obtain a valid SSL certificate for your domain name for free. These certificates are also available for production use. Certificates can only be requested from servers pointing to the domain. Let’s Encrypt performs a DNS check on the domain, which points to the current server. Afterwards, it issues the certificate. This article will introduce how to install Let’s Encrypt client on Ubuntu system and issue an SSL certificate for this domain.
Step 1: Prerequisites
Before you begin this task, it is assumed that you already have:
Usage sudo privilege shell access to the running Ubuntu system. The domain name is registered and points to the server's public IP address. In this article, we use example.com and
www.example.com, which points to our server. Run a web server configured with virtualhost (e.g. .com) and www.example.com on port 80.Step 2: Install Let’s Encrypt client
Download certbot-auto, Let’s Encrypt client and save it in the /usr/sbin directory. Use the following command to do this.
$ sudo wget https://dl.eff.org/certbot-auto -O /usr/sbin/certbot-auto $ sudo chmod a+x /usr/sbin/certbot-auto
Step 3: Obtain an SSL Certificate
Let’s Encrypt automatically performs strong domain verification and verifies domain ownership. After the Certificate Authority (CA) verifies the authenticity of the domain, an SSL certificate is issued.
$ sudo certbot-auto certonly --standalone -d example.com -d www.example.com
The above command will prompt for an email address that will be used to send email alerts related to SSL renewal and expiration. In addition, there are still some problems. Once completed, it will issue the SSL certificate and create a new virtual host profile on your system.
Step 4: Check SSL Certificate
If everything goes well. New SSL will be released at the location below. Navigate to the directory below and view the files.
cd /etc/letsencrypt/live/example.com ls
File List:
cert.pem chain.pem fullchain.pem privkey.pem
Step 5: Configure SSL Virtual Host
Use the following configuration for the Apache and Nginx web servers. Edit the virtual host configuration file and add the following certificate entries.
Nginx:
ssl on; ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
Apache:
SSLEngine on SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
Step 6: Configure SSL automatic renewal
Finally, in Configure the following job on the server crontab to automatically renew the SSL certificate when needed.
0 2 * * * sudo /usr/sbin/certbot-auto -q renew
This article has ended here. For more other exciting content, you can pay attention to the Linux Video Tutorial column on the PHP Chinese website! ! !
The above is the detailed content of How to set up Let's Encrypt SSL on Ubuntu 18.04 and 16.04 LTS. For more information, please follow other related articles on the PHP Chinese website!