Understanding Let's Encrypt and Setting Up SSL Certificates on Ubuntu and CentOS
Introduction to Let's Encrypt
Let's Encrypt is a free, automated, and open Certificate Authority (CA) that provides an easy way to obtain and install free TLS/SSL certificates. This enables encrypted HTTPS on web servers, enhancing the security of data transfer between a server and its users. It's an essential step in safeguarding privacy and building trust online.
Step-by-Step Guide to Setting Up Let's Encrypt on Ubuntu and CentOS
We will cover two major web servers, Apache and Nginx, on two popular Linux distributions, Ubuntu and CentOS.
1. Installing Certbot
The Certbot client is used to obtain and renew Let's Encrypt certificates.
Ubuntu:
sudo apt update
sudo apt install certbot
For Apache:
sudo apt install python3-certbot-apache
For Nginx:
sudo apt install python3-certbot-nginx
CentOS:
sudo yum install epel-release
sudo yum install certbot
For Apache:
sudo yum install python2-certbot-apache
For Nginx:
sudo yum install python2-certbot-nginx
2. Obtaining an SSL Certificate
For Apache:
- Ubuntu:
sudo certbot --apache -d yourdomain.com -d www.yourdomain.com
- CentOS:
sudo certbot --apache -d yourdomain.com -d www.yourdomain.com
For Nginx:
- Ubuntu:
sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com
- CentOS:
sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com
Replace yourdomain.com with your actual domain. Follow the on-screen instructions to complete the process.
3. Setting Up Automatic Renewal
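Certbot sets up renewal automatically, but to be sure it runs we will create our own systemd service and timer. A unit file placed in /etc/systemd/system takes precedence over a packaged unit of the same name.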
Create a systemd service file:
sudo nano /etc/systemd/system/certbot.service
Add:
[Unit]
Description=Certbot Renewal

[Service]
ExecStart=/usr/bin/certbot renew --quiet
Create a systemd timer file:
sudo nano /etc/systemd/system/certbot.timer
Add:
[Unit]
Description=Run certbot every 30 days

[Timer]
# 1/30 matches day 1 and day 31 of each month
OnCalendar=*-*-1/30 00:00:00
Persistent=true

[Install]
WantedBy=timers.target
Enable and start the timer:
sudo systemctl enable certbot.timer
sudo systemctl start certbot.timer
Verify the timer is active:
systemctl list-timers | grep certbot
Reload systemd:
sudo systemctl daemon-reload
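How much slack the timer schedule in step 3 leaves before a certificate expires can be worked out by simulation. The script below is an added example, not part of the original guide: it models time in whole days, assumes 90-day certificates that `certbot renew` replaces only when fewer than 30 days remain, and compares the guide's `OnCalendar=*-*-1/30` with a hypothetical daily timer.

```shell
#!/bin/sh
# Added example: whole-day model of certbot renewals driven by a systemd timer.
# Assumptions (not from the guide): certificates last 90 days and
# "certbot renew" replaces one only when fewer than 30 days remain.
LIFETIME=90
WINDOW=30

# firing_days MODE YEARS: print the day numbers (0 = 1 January) on which
# the timer elapses. MODE "page" is OnCalendar=*-*-1/30 (day 1 and day 31
# of a month); MODE "daily" is the comparison schedule.
firing_days() {
    day=0; year=0
    while [ "$year" -lt "$2" ]; do
        for len in 31 28 31 30 31 30 31 31 30 31 30 31; do  # non-leap year
            dom=1
            while [ "$dom" -le "$len" ]; do
                case "$1:$dom" in
                    daily:*|page:1|page:31) echo "$day" ;;
                esac
                day=$((day + 1)); dom=$((dom + 1))
            done
        done
        year=$((year + 1))
    done
}

# worst_margin MODE: over every issue date in one year, the fewest days of
# validity left at the run that finally renews the certificate.
worst_margin() {
    fires=$(firing_days "$1" 2)
    worst=$LIFETIME; issued=0
    while [ "$issued" -lt 365 ]; do
        expiry=$((issued + LIFETIME))
        for f in $fires; do
            left=$((expiry - f))
            if [ "$f" -gt "$issued" ] && [ "$left" -lt "$WINDOW" ]; then
                if [ "$left" -lt "$worst" ]; then worst=$left; fi
                break
            fi
        done
        issued=$((issued + 1))
    done
    echo "$worst"
}

echo "page schedule:  $(worst_margin page) day(s) left in the worst case"
echo "daily schedule: $(worst_margin daily) day(s) left in the worst case"
```

In this model a single failed run under the guide's schedule can let the certificate lapse, while a daily run leaves weeks to notice and retry. `systemd-analyze calendar '*-*-1/30 00:00:00'` prints when the guide's expression next elapses on a real host.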
Conclusion
With Let's Encrypt and Certbot, setting up SSL certificates on your web servers is straightforward and cost-effective. Remember, a secure web is a more trustworthy web. Whether you're using Apache or Nginx, on Ubuntu or CentOS, these steps will help ensure your website remains secure and your SSL certificates up to date.
Always test your configuration after setup and periodically check the status of your certificates to ensure everything is functioning correctly. Happy encrypting!