How to Install free SSL certificates using CertBot CA in ubuntu
In our previous post, We discussed how to install SSL Certificates from Certbot or letsencrypt CA in Debian. Now in this tutorial, we will try to create the SSL certificates in Ubuntu server. Let’s get started.
Installing Apache web server
First of all, We need to install the apache web server. Please use the following command to install it.
|
1 |
apt-get install apache2 |
Then enable apache SSL module and restart the apache web server.
|
1 2 3 |
a2enmod ssl a2ensite default-ssl.conf /etc/init.d/apache2 restart |
Now Apache web server is installed and listening on the port 80. You can check it by pointing your browser to your website address.
|
1 |
http://yourdomain.com |
Creating free SSL certificates using Certbot CA
Now we need to download the certbot installer. So use below command to download the installer.
|
1 |
wget https://dl.eff.org/certbot-auto |
Then give the execution permission to the certbot script using the following command.
|
1 |
chmod +x certbot-auto |
Now Certbot script is ready to run, Before running the script make sure your server have valid DNS record. Because CertBot is not providing the SSL certificates for IP addresses. So Please get one domain name for your server if you don’t have one now. Once you got the domain name run the installer like below.
|
1 |
# ./certbot-auto --apache -d test.sillycodes.com |
We need to specify the domain name after the d argument. So replace the test.sillycodes.com with your desired domain name. then hit Enter.
Now the installer will install all dependencies and ask for your confirmation before installing, So give yes to continue the installation.
Sample Output:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 |
root@ubuntu:/usr/local/sbin# ./certbot-auto -d test.sillycodes.com Bootstrapping dependencies for Debian-based OSes... ................... Ign http://mirrors.digitalocean.com trusty/universe Translation-en_US Fetched 6,215 kB in 20s (303 kB/s) Reading package lists... Done Reading package lists... Done Building dependency tree Reading state information... Done python is already the newest version. ca-certificates is already the newest version. openssl is already the newest version. The following extra packages will be installed: binutils gcc-4.8 libasan0 libatomic1 libc-dev-bin libc6 libc6-dev libexpat1-dev libgcc-4.8-dev libgomp1 libitm1 libpython-dev libpython2.7-dev libquadmath0 libtsan0 linux-libc-dev python2.7-dev zlib1g-dev Suggested packages: augeas-doc binutils-doc gcc-multilib make manpages-dev autoconf automake1.9 libtool flex bison gdb gcc-doc gcc-4.8-multilib gcc-4.8-doc gcc-4.8-locales libgcc1-dbg libgomp1-dbg libitm1-dbg libatomic1-dbg libasan0-dbg libtsan0-dbg libquadmath0-dbg augeas-tools glibc-doc Recommended packages: libssl-doc python-pip The following NEW packages will be installed: augeas-lenses binutils gcc gcc-4.8 libasan0 libatomic1 libaugeas0 libc-dev-bin libc6-dev libexpat1-dev libffi-dev libgcc-4.8-dev libgomp1 libitm1 libpython-dev libpython2.7-dev libquadmath0 libssl-dev libtsan0 linux-libc-dev python-dev python-virtualenv python2.7-dev zlib1g-dev The following packages will be upgraded: libc6 1 upgraded, 24 newly installed, 0 to remove and 8 not upgraded. Need to get 42.3 MB of archives. After this operation, 97.3 MB of additional disk space will be used. Do you want to continue? [Y/n] Y |
Then the installer will ask you for the recovery email address, This email address is used for recovery of certs and you will also get the certificate expiry reminders. So give one email id and continue.
Then you need to accept the letsencrypt subscriber agreement. Press Agree and continue.
Then it will ask you for the type of security. You can choose anything here. Secure will redirect all HTPP request to HTTPS. Select desired option and hit ok.
If everything went well, You will be presented with a congratulations screen saying you are successfully created and installed SSL certificates. you can test your SSL connection by visiting provided URL.
You will also get IMPORTANT NOTES screen, When you can find Expire date of the Certificates and Folder of the certificates.
Now your SSL certificates are available under the /etc/letsencrypt/live folder.
That’s it, Congratulations, You’re successfully created and Installed SSL certificates for your Apache web server.
