How to Install Free SSL on Ubuntu Server using Let’s Encrypt

How to install Free SSL on Ubuntu Server || manojdamor.com
Introduction
Securing a website with SSL (Secure Sockets Layer) is essential to protect sensitive data and ensure a trusted connection between the server and the users’ browsers. While SSL certificates were once costly and required complex configuration, there are now free SSL options available that make it easier than ever to add SSL to your Ubuntu server. In this blog post, we will explore the process of adding a free SSL certificate to an Ubuntu server using Let’s Encrypt, a popular certificate authority. We will cover the steps involved in installing and configuring the necessary software, obtaining the SSL certificate, and enabling SSL on the server.
- Installing Certbot
Certbot is a widely used tool for managing SSL certificates from Let’s Encrypt. To get started, we need to install Certbot on our Ubuntu server.
Step 1: Update Package Lists Open a terminal window and execute the following command to update the package lists:
sudo apt update
Step 2: Install Certbot
Once the package lists are updated, install Certbot using the following command:
sudo apt install certbot
- Obtaining SSL Certificate
With Certbot installed, we can now obtain an SSL certificate from Let’s Encrypt.
Step 1: Choose Verification Method Certbot offers multiple verification methods to prove that you own the domain for which you are requesting the SSL certificate. The two common methods are “HTTP” and “DNS” verification. Choose the method that best suits your server setup and domain configuration.
Step 2: Run Certbot Command To obtain the SSL certificate, run the Certbot command in the terminal, replacing “example.com” with your domain name:
sudo certbot certonly --standalone -d example.com
Certbot will communicate with the Let’s Encrypt servers, verify ownership of the domain, and issue the SSL certificate.
Step 3: Configure Certificate Options After obtaining the SSL certificate, Certbot will display some configuration options. You can choose whether to redirect HTTP traffic to HTTPS, or customize the SSL certificate settings according to your requirements.
- Enabling SSL on the Server
Now that we have obtained the SSL certificate, we need to configure our server to use it.
Step 1: Modify Web Server Configuration The configuration file for your web server (such as Apache or Nginx) needs to be updated to enable SSL.
For Apache, open the configuration file using a text editor:
sudo nano /etc/apache2/sites-available/default-ssl.conf
Locate the “SSLCertificateFile” and “SSLCertificateKeyFile” directives and update them with the correct paths to your SSL certificate and private key files, respectively.
For Nginx, open the configuration file using a text editor:
sudo nano /etc/nginx/sites-available/default
Add the following lines within the server block:
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
Replace “example.com” with your domain name.
Step 2: Restart Web Server After making the necessary configuration changes, restart your web server to apply the SSL settings:
sudo systemctl restart apache2 # For Apache
sudo systemctl restart nginx # For Nginx
- Automatic Certificate Renewal
SSL certificates from Let’s Encrypt are valid for a limited period. To ensure uninterrupted SSL coverage, it is crucial to set up automatic certificate renewal.
Certbot offers a built-in mechanism for certificate renewal. You can set up a cron job that runs Certbot at regular intervals to check for expiring certificates and automatically renew them if necessary.
To set up the renewal cron job, open a terminal window and execute the following command:
sudo crontab -e
Add the following line at the end of the file to run Certbot twice daily and attempt renewal if the certificate is within 30 days of expiration:
0 */12 * * * certbot renew --quiet
Save and exit the editor.
Conclusion
Adding a free SSL certificate to an Ubuntu server is a crucial step in securing your website and protecting user data. In this blog post, we explored the process of adding SSL to an Ubuntu server using Let’s Encrypt and Certbot. By installing Certbot, obtaining the SSL certificate, and configuring the web server to use SSL, we can ensure a trusted and encrypted connection for our website visitors. Additionally, setting up automatic certificate renewal ensures that SSL coverage remains uninterrupted. With free SSL options like Let’s Encrypt, website owners no longer need to invest heavily in SSL certificates, making it easier than ever to provide a secure browsing experience for users.