Select Page

Let’s Encrypt is a nonprofit Certificate Authority providing TLS certificates to more than 190 million websites around the world. They have issued over a billion certificates.
They provide a great service for everyone, as security is becoming a big issue in the world, with every browser incorporating warnings when you enter websites that don’t have a SSL certificate, it has become one of those things that you have to do to your brand new website. We are going to help you set up Let’s Encrypt very easily for Ubuntu 18.04 considering that you have shell access, also for people that don’t use SSH and are part of a shared hosting plan or use Cpanel with a hosting account. You need to check this list to find out if your hosting provider is listed here, more and more hosting companies are joining every day so be on the lookout for that!

Couple of things you will need for this tutorial:
Domain name
Ubuntu 18 04 server
Apache installed
DNS A Records pointing to your server

First Step – Certbot

We will install Certbot software on our server so that we can use it to get and update certificates. Usually the Certbot that comes with a fresh installation has outdated packages, so we will make sure we have the newest version on our server:
1, Adding the repository for certbot
sudo add-apt-repository ppa:certbot/certbot

2. Installing certbot’s packages with apt.
sudo apt install python-certbot-apache

We have Certbot ready to use now!

Second Step – Setting up SSL Certificate

1. We need to check if your ServerName in sites-available is set to your domain.

sudo nano /etc/apache2/sites-available/your_domain.conf

Here we can check the ServerName if its set to your_domain
If that is correct just exit, if its not then simply put your domain there, save and exit.

sudo systemctl reload apache2

Run this command to check if everything is correct and if you get Syntax OK everything is good to go!

Third Step – Obtaining SSL Certificate

The moment of truth is here! We will be using Certbot which we installed in step 1, also we will be using the Apache plugin,

sudo certbot --apache -d your_domain -d www.your_domain

This is the most important command that we run, this command will use certbot and apache plugin to register a SSL certificate for your domain.

If this is your first time running certbot, you will be prompted to enter an email address and agree to the terms of service. After doing so, certbot will communicate with the Let’s Encrypt server, then run a challenge to verify that you control the domain you’re requesting a certificate for.

If that’s successful, certbot will ask how you’d like to configure your HTTPS settings:

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):

When you make your choice hit ENTER and you will be greeted with this message:

 - Congratulations! Your certificate and chain have been saved at:
   Your key file has been saved at:
   Your cert will expire on 2018-07-23. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:
   Donating to EFF:          

We have successfully added an SSL Certificate to our new domain (website) You can check the status of your domain (certificate) by testing it here.

We are not done yet! We want to check if the SSL Certificate will update automatically and correctly so we will do a dry run to check if everything works as expected!

sudo certbot renew --dry-run

If you see no errors here, you are all set!

We hope you found this article useful and if you have any trouble or are simply afraid of going into your server’s shell and messing with it we totally understand that and we are here to help. Feel free to contact us!