Installing and Configuring Let’s Encrypt SSL

On the test I will install Let’s Encrypt which allows you to install free SSL certificates for 90 days and automatically re-issue them.

Let’s say that Apache2 is installed on Ubuntu Server and there is one site for which we configured one configuration file /etc/apache2/sites-available/test.conf and turned it on:

sudo a2ensite test
sudo service apache2 restart

See the configuration example in my article – Installing and Configuring the Apache2 Web Server
The site works by HTTP on 80, now we start installation of Let’s Encrypt:

sudo apt-get update
sudo apt-get install git
sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt

Let’s move to the directory with Let’s Encrypt and ask for a certificate for the site:

cd /opt/letsencrypt
sudo ./letsencrypt-auto --apache -d example.com

You can also request for a www subdomain:

sudo ./letsencrypt-auto --apache -d example.com -d www.example.com

I replaced in the article the real name of the site on example.com. To receive a certificate, the site must be accessible by domain name from the Internet.
For resources within the network, with gray IP, you can not get a certificate.

After receiving the certificate, another configuration file /etc/apache2/sites-available/test-le-ssl.conf was created and activated with the following contents:

<IfModule mod_ssl.c>
<VirtualHost *:443>
     ServerName example.com
     DocumentRoot /var/www/test/

     <Directory /var/www/test>
     Options -Indexes
     AllowOverride All
     Order allow,deny
     allow from all
     </Directory>

     ErrorLog /var/log/test.error.log
     CustomLog /var/log/test.access.log combined
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

Since during the receipt of the certificate I agreed to forward HTTP requests to HTTPS, at the end of my configuration file /etc/apache2/sites-available/test.conf the following was added:

RewriteEngine on
RewriteCond %{SERVER_NAME} =example.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

After the certificate expires, you can update it with the command:

sudo /opt/letsencrypt/letsencrypt-auto renew

You can also add a command to Cron for automatic updates, see my article – Using and configuring CRON

Example of adding to Cron (every Monday at 3:15):

sudo crontab -e
15 3 * * 1 /opt/letsencrypt/letsencrypt-auto renew >> /var/log/letsencrypt-renew.log

If the certificate expires and the update command is executed, nothing happens:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
——————————————————————————-
Processing /etc/letsencrypt/renewal/example.com.conf
——————————————————————————-
Cert not yet due for renewal
——————————————————————————-
The following certs are not due for renewal yet:
/etc/letsencrypt/live/example.com/fullchain.pem expires on 2018-08-01 (skipped)
No renewals were attempted.
——————————————————————————-

See also:
Installing Certbot in Ubuntu

Подписаться на IT Blog (RU) по Email
Subscribe to IT Blog (EN) by Email

Did my article help you? How about buying me a cup of coffee as an encouragement? Buy me a coffe.

Leave a Reply