Creating SSL Certificates using CertBot Certificate Authoriy (CA) in Debian 8 Jessie

Spread the love

Creating SSL Certificates using Certbot in Debian Jessie 8.7:

Create SSL and HTTPS certificates for Your website using Certbot or Let's Encrypt

Adding backport repository:

First of all, add the backport Repository to Debian apt repositories.

Now update the apt package cache using the following command.

Installing CertBot Apache client:

Now Install the Certbot client using the following command.

Note: We are passing -t  option to the installer, That means we are telling apt to install it from the jessie-backports  repository.

Sample Output:

Now Certbot Apache client is installed on your server. You can request SSL certificates from the Let’s Encrypt or CertBot Certificate authority aka CA.

Note :   python-certbot-apache  client package installs the apache server if it is not installed already.

Generating the SSL Certificates using CertBot Certificate Authority (CA):

Replace the test.sillycodes.com  with your Domain name.

Then you will be prompted for the recovery mail id, Give one mail this mail is useful for you to recover your certs if you lost. So give one Email-ID and press OK. Please see the following image.

SSL certificates creating on Debian 7 or 8 with Let's Encrypt CA

It will also, asks you to accept the  Let’s Encrypt Subscriber Agreement. Press the Agree.

Agree the let's encrypt or Certbot subscriber Agreement

Now, CertBot client app will ask for the type of Security.

CertBot EASY or Secure connection window.
We have two options here,

  • Easy – It will allow both HTTP and HTTPS connections.
  • Secure – It will redirect all HTTP requests to HTTPS, So all connections to our server will be made using HTTPS.

I choose Secure So that all connections to my server will be encrypted. You can choose Easy If any of your applications need HTTP.

It will also provide a link where you can check the HTTPS status of your Server.

If everything went well, You will be presented with a congratulations screen saying you are successfully created and installed SSL certificates, This screen also shows the expiry date of the certificates and Location of the certificates.

Successfully created SSL Certificates for your site using CERTBOT CA.

Few Notes:

  • Presently default expiry date for the certificates is three months from the day of creation i.e 90 days.
  • Let’s encrypt can not create SSL certificates for the IP Addresses, You must need one domain name.
  • Now your SSL certificates are available under the /etc/letsencrypt/live folder.

Checking SSL Certificates Status:

Now, Open your web browser and try to connect to it using https. If everything went well you will see green https connection. you can also see it is signed by let’s encrypt CA or CERTBOT CA.

https://yourdomain.com

CertBOT HTTPS testing

You can also test your websites SSL certification encryption status by visiting following URL.

https://www.ssllabs.com/ssltest/analyze.html?d=yourdomain.com&latest

Replace the yourdomain.com  with your domain name.

Renew :

You can renew the SSL certificates using the following command.

Setting up Cron Job to Renew CertBot SSL Certificates automatically:

We can use the following cronjob to renew the SSL Certificates automatically.  First of all Open the Crontab using following command.

 Editing and creating cron jobs using crontab

Select your favorite editor by giving the number,  Here I am using vim.basic.  If your beginner in linux, I recommend you to choose nano.

Then go to the bottom of the crontab and paste the following command and save the file.

What will above cronjob do:

Above cron will run on every Monday 0:00 server time. This will try to update the SSL Certificates. By default, the certbot application will renew the certificate if it is within 30 days of expiring. I chose to run the command every week to be safe.

That’s it, Congratulations, You’re successfully created and Installed SSL certificates for your Apache web server.

Venkatesh Macha

Hi Guys, I am Venkatesh Macha. Founder of SillyCodes. I am a programmer, Presently working as a Software Engineer in Hyderabad. I love Linux and Open Source. Apart from that, I love to explore new technologies and things.

You may also like...

1 Response

  1. March 25, 2017

    […] our previous post, We discussed how to install SSL Certificates from Certbot or letsencrypt CA in Debian. Now in this tutorial, we will try to create the SSL certificates in Ubuntu 14.04 server. […]

Leave a Reply