Creating SSL/TLS certificates using Let’s Encrypt / CertBot CA on Ubuntu and Debian systems.
Let’s Encrypt is new Certificate Authority (CA) to provide free and Secure SSL certificates. Now we will look into how to secure your WebServer with SSL certificates of Let’s Encrypt CA.
Securing Apache WebServer using Let’s encrypt SSL certificates :
First of all Install the apache.
apt-get install apache2
Then enable apache ssl module and restart the apache webserver.
a2enmod ssl
a2ensite default-ssl.conf
/etc/init.d/apache2 restart
Now Apache web server is installed and listening on the port 80. You can check it by pointing your browser to your website address.
http://yourdomain.com
Now we have apache web server, Let’s see how to secure this web server using Let’s Encrypt SSL certificates. Before creating SSL certificates we need to download the Lets Encrypt client. Lets encrypt client is available on github. we just need to clone it and then we are ready to create our free SSL certificates.
Installing Let’s Encrypt client :
We need git for cloning the github repo, So first install the git using the following command.
apt-get install git
Now we need to clone the let’s encrypt repo, To do this go to your preferred directory and run the following clone command.
cd /usr/src/git clone https://github.com/letsencrypt/letsencrypt
Now we have the let’s encrypt client also. Let’s go ahead and create the SSL certificates using this client.
Creating SSL certificates for the Apache web Server using Lets Encrypt:
We can use the letsencrypt-auto wrapper script, This script is fully automated for apache web server through Apache plugin. All we need to do is just passing the apache parameter to it.
We can get the full help of this command by running following command.
cd /usr/src/letsencrypt
./letsencrypt-auto –help all
Now run this let’s encrypt client with the Apache plugin. For example, if you want to create SSL certificates for the yourdomain.com and sub.yourdomain.com, using the Apache plugin to both obtain and install the certs, you could run the following command.
./letsencrypt-auto –apache -d yourdomain.com -d sub.yourdomain.com
Then you will be prompted for the recovery mail id, Give one mail this mail is useful for you to recover your certs if you lost. also asks you to accept the Let’s Encrypt Subscriber Agreement.
If everything went well, You will be presented with a congratulations screen saying you are successfully created and installed SSL certificates, This screen also shows the expiry date of the certificates.
Presently default expiry date for the certificates is three months from the day of creation i.e 90 days.
Note : Let’s encrypt can not create SSL certificates for the IP Addresses, You must need one domain name.
Now your SSL certificates are available under the /etc/letsencrypt/live folder.
Now, Open your web browser and try to connect to it using https. If everything went well you will see green https connection. you can also see it is signed by let’s encrypt CA.
https://yourdomain.com
You can also test your websites SSL certification encryption status by visiting following URL.
https://www.ssllabs.com/ssltest/analyze.html
That’s it, Congratulations, You’re successfully created and Installed SSL certificates for your Apache web server.
Let’s Encrypt certificates works for other Web Servers also. I will write about them in my upcoming blog posts.
