Understanding Let's Encrypt and Setting Up SSL Certificates on Ubuntu and CentOS

By Michele Berardi

Introduction to Let's Encrypt

Let's Encrypt is a free, automated, and open Certificate Authority (CA) that provides an easy way to obtain and install free TLS/SSL certificates. This enables encrypted HTTPS on web servers, enhancing the security of data transfer between a server and its users. It's an essential step in safeguarding privacy and building trust online.

Step-by-Step Guide to Setting Up Let's Encrypt on Ubuntu and CentOS

We will cover two major web servers, Apache and Nginx, on two popular Linux distributions, Ubuntu and CentOS.

1. Installing Certbot

The Certbot client is used to obtain and renew Let's Encrypt certificates.

  • Ubuntu:

    sudo apt update
    sudo apt install certbot
    

    For Apache: sudo apt install python3-certbot-apache
    For Nginx: sudo apt install python3-certbot-nginx

  • CentOS:

    sudo yum install epel-release
    sudo yum install certbot
    

    For Apache: sudo yum install python2-certbot-apache
    For Nginx: sudo yum install python2-certbot-nginx

2. Obtaining an SSL Certificate

  • For Apache:

    • Ubuntu: sudo certbot --apache -d yourdomain.com -d www.yourdomain.com
    • CentOS: sudo certbot --apache -d yourdomain.com -d www.yourdomain.com
  • For Nginx:

    • Ubuntu: sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com
    • CentOS: sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com

Replace yourdomain.com with your actual domain. Follow the on-screen instructions to complete the process.

3. Setting Up Automatic Renewal

While Certbot automatically sets up renewal, we will ensure this by creating a systemd service and timer.

  • Create a systemd service file:

    sudo nano /etc/systemd/system/certbot.service
    

    Add:

    [Unit]
    Description=Certbot Renewal
    
    [Service]
    ExecStart=/usr/bin/certbot renew --quiet
    
  • Create a systemd timer file:

    sudo nano /etc/systemd/system/certbot.timer
    

    Add:

    [Unit]
    Description=Run certbot every 30 days
    
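    [Timer]
    # In systemd calendar syntax, day "1/30" means day 1 plus every 30th day
    # after it within the month, so this fires on the 1st and the 31st,
    # not on a rolling 30-day interval.
    OnCalendar=*-*-1/30 00:00:00
    Persistent=true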
    
    [Install]
    WantedBy=timers.target
    
  • Enable and start the timer:

    sudo systemctl enable certbot.timer
    sudo systemctl start certbot.timer
    
  • Verify the timer is active:

    systemctl list-timers | grep certbot
    
  • Reload systemd:

    sudo systemctl daemon-reload
    

Conclusion

With Let's Encrypt and Certbot, setting up SSL certificates on your web servers is straightforward and cost-effective. Remember, a secure web is a more trustworthy web. Whether you're using Apache or Nginx, on Ubuntu or CentOS, these steps will help ensure your website remains secure and your SSL certificates up to date.

Always test your configuration after setup and periodically check the status of your certificates to ensure everything is functioning correctly. Happy encrypting!
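
One way to do the periodic status check mentioned above, as an added example rather than part of the original article: a shell function built on openssl x509 -checkend. The function names, the 21-day warning threshold and the self-signed sample certificate are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: report how close a certificate is to expiry, so a renewal
# timer that silently stopped working is noticed before the site breaks.

# cert_status PEM_FILE [WARN_DAYS]
# Prints OK / RENEW_OVERDUE / EXPIRED / UNREADABLE; returns 0 / 1 / 2 / 3.
cert_status() {
    pem=$1
    warn_days=${2:-21}   # assumption: alert threshold, tune to your schedule
    # A missing or malformed file must never be reported as healthy.
    if ! openssl x509 -in "$pem" -noout 2>/dev/null; then
        echo "UNREADABLE"; return 3
    fi
    # -checkend N exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$pem" -noout -checkend 0 >/dev/null 2>&1; then
        echo "EXPIRED"; return 2
    fi
    if ! openssl x509 -in "$pem" -noout \
            -checkend "$((warn_days * 86400))" >/dev/null 2>&1; then
        echo "RENEW_OVERDUE"; return 1
    fi
    echo "OK"; return 0
}

# make_sample_cert OUT_FILE DAYS
# Constructed self-signed certificate so the check can be tried offline.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" \
        -out "$1" -days "$2" -subj "/CN=yourdomain.com" >/dev/null 2>&1
    rm -f "$1.key"
}

# Usage: ./cert_status.sh /path/to/fullchain.pem 21
if [ "$#" -gt 0 ]; then
    cert_status "$1" "${2:-21}"
fi
```

On a default Certbot install the certificate to check is typically /etc/letsencrypt/live/yourdomain.com/fullchain.pem; the non-zero exit status can drive a cron or monitoring alert.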
