We’ll show you, How to install Let’s Encrypt on Ubuntu 16.04 with Nginx. Let’s Encrypt is a relatively new SSL Certificate Authority (CA) that provides completely free SSL certificates that are just as secure as the paid certificates issued by the major trusted certificate authorities. Let’s Encrypt is supported by major players like Mozilla, Akamai, Cisco, the EFF and managed by the Linux Foundation. In this article we will guide you through the steps of installing Let’s Encrypt SSL certificate on an Ubuntu 16.04 VPS with Nginx web server. We assume that you already have Nginx installed and configured on your server. Installing Let’s Encrypt on Ubuntu 16.04 with Nginx, is really an easy task and should take around 10 minutes.
1. Update the system
Log in to your Ubuntu 16.04 VPS via SSH as user root
ssh root@IP_Address -p Port_Number
and make sure that it is fully up to date
apt-get update && apt-get upgrade
2. Install Certbot client
Certbot is a client that fetches a certificate from Let’s Encrypt. Its developers have created their own Ubuntu Repository where you can get the latest version of the client.
Run the following command to add the Certbot repository
add-apt-repository ppa:certbot/certbot
Accept the installation, update the package list and install Certbot for Nginx
apt-get update apt-get install python-certbot-nginx
At this step Certbot is installed and you are ready to obtain your free Let’s Encrypt SSL certificate.
3. Obtain a Let’s Encrypt Certificate
The certificate can be installed using several Certbot plugins. In this tutorial we will use the Nginx plugin which will make all necessary steps such as configuring Nginx and reloading its configuration.
To do this, run the following command
certbot --nginx -d domain.com -d www.domain.com
And of course, replace ‘domain.com’ with your actual domain name.
When you generate a certificate for the firs time, you will have to enter your email address and agree with Certbot’s terms of service.
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access. ------------------------------------------------------------------------------- 1: No redirect - Make no further changes to the webserver configuration. 2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for new sites, or if you're confident your site works on HTTPS. You can undo this change by editing your web server's configuration. ------------------------------------------------------------------------------- Select the appropriate number [1-2] then [enter] (press 'c' to cancel):
If you want all your website visitors to be redirected to HTTP which is the recommended option, select number 2 and hit the ‘Enter’ key.
If the Let’s Encrypt SSL certificate is successfully installed you will get the following output
IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/domain.com/fullchain.pem. Your cert will expire on 2017-10-23. To obtain a new or tweaked version of this certificate in the future, simply run certbot again with the "certonly" option. To non-interactively renew *all* of your certificates, run "certbot renew" - Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal. - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le
Now you should have successfully installed and configured Let’s Encrypt SSL certificate on your ‘domain.com’ domain name. You can check this by visiting https://domain.com
Let’s Encrypt SSL certificates are valid for 90 days, and we will configure it to be automatically renewed by creating a cron job. Let’s Encrypt recommends the automatic renew cronjob to run twice a day. So, edit the crontab
crontab -e
and add the following line
* */12 * * * /usr/bin/certbot renew >/dev/null 2>&1
Of course you don’t have to to install Let’s Encrypt on Ubuntu 16.04 with Nginx, if you use one of our Linux Cloud VPS Hosting services, in which case you can simply ask our expert Linux adminsto install Let’s Encrypt on Ubuntu 16.04 with Nginx, on your server. They are available 24×7 and will take care of your request immediately.
PS. If you liked this post, on how to to install Let’s Encrypt on Ubuntu 16.04 with Nginx, please share it with your friends on the social networks using the buttons on the left or simply leave a reply below. Thanks.
It works great!!!