Creating SSL Certificates using CertBot Certificate Authoriy (CA) in Debian 8 Jessie

Creating SSL Certificates using Certbot in Debian Jessie 8.7:

Adding backport repository:

First of all, add the backport Repository to Debian apt repositories.

Now update the apt package cache using the following command.

Installing CertBot Apache client:

Now Install the Certbot client using the following command.

Note: We are passing -t  option to the installer, That means we are telling apt to install it from the jessie-backports  repository.

Sample Output:

Now Certbot Apache client is installed on your server. You can request SSL certificates from the Let’s Encrypt or CertBot Certificate authority aka CA.

Note :   python-certbot-apache  client package installs the apache server if it is not installed already.

Generating the SSL Certificates using CertBot Certificate Authority (CA):

Replace the test.sillycodes.com  with your Domain name.

Then you will be prompted for the recovery mail id, Give one mail this mail is useful for you to recover your certs if you lost. So give one Email-ID and press OK. Please see the following image.

It will also, asks you to accept the  Let’s Encrypt Subscriber Agreement. Press the Agree.

Now, CertBot client app will ask for the type of Security.

We have two options here,

• Easy – It will allow both HTTP and HTTPS connections.
• Secure – It will redirect all HTTP requests to HTTPS, So all connections to our server will be made using HTTPS.

I choose Secure So that all connections to my server will be encrypted. You can choose Easy If any of your applications need HTTP.

It will also provide a link where you can check the HTTPS status of your Server.

If everything went well, You will be presented with a congratulations screen saying you are successfully created and installed SSL certificates, This screen also shows the expiry date of the certificates and Location of the certificates.

Few Notes:

• Presently default expiry date for the certificates is three months from the day of creation i.e 90 days.
• Let’s encrypt can not create SSL certificates for the IP Addresses, You must need one domain name.
• Now your SSL certificates are available under the /etc/letsencrypt/live folder.

Checking SSL Certificates Status:

Now, Open your web browser and try to connect to it using https. If everything went well you will see green https connection. you can also see it is signed by let’s encrypt CA or CERTBOT CA.

https://yourdomain.com

You can also test your websites SSL certification encryption status by visiting following URL.

https://www.ssllabs.com/ssltest/analyze.html?d=yourdomain.com&latest

Replace the yourdomain.com  with your domain name.

Renew :

You can renew the SSL certificates using the following command.

Setting up Cron Job to Renew CertBot SSL Certificates automatically:

We can use the following cronjob to renew the SSL Certificates automatically.  First of all Open the Crontab using following command.

Select your favorite editor by giving the number,  Here I am using vim.basic.  If your beginner in linux, I recommend you to choose nano.

Then go to the bottom of the crontab and paste the following command and save the file.

What will above cronjob do:

Above cron will run on every Monday 0:00 server time. This will try to update the SSL Certificates. By default, the certbot application will renew the certificate if it is within 30 days of expiring. I chose to run the command every week to be safe.

That’s it, Congratulations, You’re successfully created and Installed SSL certificates for your Apache web server.