SSL certificates are small files that digitally bind a cryptographic key to an organization’s details. An SSL certificate allows a secure connection between a web server and a browser. It binds the domain name, host name, identity of the organization and location.
To establish a secure session between the web server and the browser, the organization needs to install an SSL certificate on the web server. Once the web server has an SSL certificate installed, the application protocol changes to HTTPS, where ‘S’ stands for secure.
Let’s Encrypt is a Certificate Authority which provides free SSL certificates for your domain. Follow the steps given below to obtain an SSL certificate for your domain.
Before you start to install SSL certificate, make sure that you have met the following prerequisites:
First of all, we have to install a client that verifies that you control the domain and sets up the server to serve files. Certbot is the official client for Let’s Encrypt. You can choose any other client if you want. In this tutorial, we shall use Certbot. Download it and make it executable with the following commands.
wget https://dl.eff.org/certbot-auto
chmod +x certbot-auto
After running the commands above, move it to /usr/bin, which is a standard and accessible location.
mv certbot-auto /usr/bin
The Certbot installation is complete, and it can now automatically install any required dependencies.
If you are using Apache then use the command given below:
sudo certbot-auto --apache
If you are using nginx then use the command given below:
sudo certbot-auto --nginx
Certbot will now download some necessary code. You will then be asked for an email address, and after that you have to agree to the Terms of Service to proceed further.
Then you will be asked to select the website(s) on which you want HTTPS. If you want to install SSL for all domains, leave that field blank and hit Enter. If you want to exclude some domains or want SSL for a specific domain, enter the sequence number of that domain and hit Enter.
Generally, Certbot can find the domain name from the configuration of the server. If it cannot find it, it will ask you to type it. At the end, it will ask whether to redirect all traffic to HTTPS by default. Select an option from the list and hit Enter. Now you can visit your website at https://yourwebsitename.com.
A Let’s Encrypt certificate expires after 90 days, and you have to renew it before it expires. You can renew it manually with the following command:
sudo certbot-auto renew
It can happen that the certificate expires because you forgot to renew it. To avoid this problem, set up a cron job on your server which will renew the certificate automatically when it is close to expiring. To do so, log in to your server as the root user and open the crontab file by running the command given below:
sudo crontab -e
Select the preferred editor and add the line given below:
30 12,6 * * * /usr/bin/certbot-auto renew 2>>/var/log/cert-renew.log >>/var/log/cert-renew.log
This will run the certbot-auto renew command at 06:30 and 12:30 every day, and its output will be logged to /var/log/cert-renew.log.
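A cron job like the one above can fail without anyone noticing, so it is worth checking the certificate's real expiry date as well as the log. The following is an added example, not part of the original tutorial or of Certbot: a shell check that reads notAfter with openssl and flags a certificate that should already have been renewed. The function names, the use of GNU date, and the 20-day threshold (chosen on the assumption that Certbot's default is to renew once fewer than 30 days remain) are assumptions.

```sh
#!/bin/sh
# Added example: detect a certificate that the renewal cron job has
# failed to renew. Assumes openssl and GNU date are installed.

# seconds_left <notAfter text as printed by openssl> <current epoch>
seconds_left() {
    end_epoch=$(date -u -d "$1" +%s) || return 2
    echo $(( end_epoch - $2 ))
}

# cert_status <seconds left> <warning threshold in days>
# Compares in seconds so a certificate that expired an hour ago is
# reported as EXPIRED rather than as "0 days left".
cert_status() {
    if [ "$1" -le 0 ]; then
        echo EXPIRED
    elif [ "$1" -lt $(( $2 * 86400 )) ]; then
        echo RENEWAL_OVERDUE
    else
        echo OK
    fi
}

# check_cert <path to cert.pem> [warning threshold in days, default 20]
# Returns 0 if OK, 1 if expired or overdue, 2 if the file is unreadable.
check_cert() {
    cert=$1
    warn=${2:-20}
    not_after=$(openssl x509 -in "$cert" -noout -enddate 2>/dev/null) || return 2
    not_after=${not_after#notAfter=}
    left=$(seconds_left "$not_after" "$(date -u +%s)") || return 2
    status=$(cert_status "$left" "$warn")
    echo "$cert: $status ($(( left / 86400 )) days left, notAfter=$not_after)"
    [ "$status" = OK ]
}

# Run directly: ./check-cert.sh /path/to/cert.pem [days]
if [ "$#" -gt 0 ]; then
    check_cert "$@"
fi
```

Run it against the cert.pem of your domain under /etc/letsencrypt/live/ from a separate cron entry or monitoring agent, and alert on a non-zero exit status.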
Sometimes you might want to remove the Let’s Encrypt SSL certificate for some reason, for example because the private key has been stolen by someone.
To revoke the certificate, run the command given below:
sudo certbot-auto revoke --cert-path /etc/letsencrypt/live//cert.pem
Now you can delete the certificate with this command:
sudo certbot-auto delete --cert-name