Install Free Let’s Encrypt SSL Certificates (Apache/Nginx)

by

If you own a website, one of the best ways to improve security is to install an SSL certificate on your website. An SSL certificate encrypts sensitive data over the internet and says that you are running a good business online.

Well, a conventional SSL Certificate costs a bit. But Let’s Encrypt offers FREE SSL Certificates and it is auto-renewable. Google also ranks you on the top pages whose sites have a valid SSL certificate.

Not Secured Domain Name
“Not secure” warning on Browser

Recently, I installed Flarum Forum on the Ubuntu server and I haven’t configured any SSL encryption. And you can see when I visited the site, it is showing a “Not secure” warning.

So then, let’s get started with installing the free SSL Certificate on the webserver.

Table of Content:

Install Free SSL Certificate to Server

There are various methods and scripts available for Installing Let’s Encrypt Free SSL on a server and even directly to the website. Here, in this tutorial, we are going to use the official Certbot method to install the SSL certificates on Ubuntu or Debian-based systems.

In case you have a different Linux system then visit the EFF official documentation to install Certbot and SSL certificates.

Step – 1. Connect System Using SSH

Connect System using SSH on WindowsTerminal
SSH Terminal

Step – 2. Install snapd

Canonical Snapcraft is an app package manager for Linux, and it’s come pre-installed with Ubuntu. However, if you are using any different system than Ubuntu then need to install the Snap package manager.

Use the following commands to install snapd package:

sudo apt install snapd
sudo snap install core; sudo snap refresh core
Note: - Above the following command will work with Debian/Ubuntu-based distributions like Pop! OS, Elementary OS, etc. For other distributions, you must visit the official website.

Step – 3. Install Certbot

Use the following snap command to install Certbot, which will help in installing Let’s Encrypt SSL Certificate. Let’s Encrypt SSL Certificate expires after 90 days, but Certbot will help with automatic renewal without running any other commands.

sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot

Step – 5. Install Free Let’s Encrypt SSL Certificate

Install SSL for Apache:

sudo certbot --apache

Install SSL for Nginx:

sudo certbot --nginx

You have to make sure which type of HTTP server is running on the system. Whether it is Apache or Nginx? If one of them is installed/running on the system then you must choose the command from above (accordingly).

After executing the command it will prompt you to choose your domain name. As you can see in the image below, they the domain number and hit enter, to configure the Let’s Encrypt SSL Certificate.

Select Domains To Install Let's Encrypt SSL Certificate
Certbot Domain Selection
Note: - Before installing the SSL certificate, you have to make sure that your domain name system (DNS) is fully configured with your server and that the server is also configured with Apache Virtual Host or Nginx Server Block.

Step – 6. Test Automatic Renewal

sudo certbot renew --dry-run
Certbot SSL Auto Renewal Check
Certbot Auto-renewal simulation

Execute the renewal test command to simulate the auto-renewals. As shown in the image above, if you got a success message then, your Free SSL Certificate installation is completed and you can visit your website to check.

SSL Secured Domain Name
SSL Secured Website
Must Read: - Know, How to Install Free SSL on cPanel? Manually.

FAQs

Is Let’s Encrypt SSL safe?

Let’s Encrypt is a non-profit certificate authority that provides free SSL certificates. It is safe to use as a paid SSL certificate.

Are the Let’s Encrypt Certificates secure?

Experts say that using Let’s Encrypt’s free SSL is as secure as using a paid SSL certificate issued by an authority. However, Let’s Encrypt’s free SSL certificate expires soon (in 90 days).

Why use Let’s Encrypt SSL?

If you don’t want to use the Let’s Encrypt Free SSL certificate, then you must choose any paid alternative like EV certificates from Namecheap. But having none of them is bad for security and your website’s data.

When will Let’s Encrypt SSL expire?

Let’s Encrypt SSL is free but it expires after 90-days. However, you can renew it for free.

How to remove Let’s Encrypt SSL?

Revomoving Let’s Encrypt SSL certificates from the server is simple, you can use the Command line to do it if you are using VPS. And if you are using shared hosting based on cPanel then you need to follow simple instructions to do it.

How to renew the Let’s Encrypt SSL certificate?

Let’s Encrypt SSL Certificate expires after 90 days. To renew it on a server you can use Certbot, and it will renew it automatically. And for cPanel users, you must renew manually or contact the hosting provider.

Where does Let’s Encrypt store certificates on Ubuntu?

The Let’s Encrypt SSL certificate files can be found in the following directory: /etc/letsencrypt/live/example.com/.

Summary

If you already have a good hosting provider, installing an SSL Certificate on your website is easy and some provide it for free. If you are not sure how to install an SSL Certificate, then you must contact to hosting provider.

Alternatively, if your hosting provider doesn’t provide options to install SSL then configure Cloudflare CDN & SSL.

If you install an SSL Certificate on your website, you rank higher in Google for searches regarding secure websites.

Pronay Sarkar

Hello!
I am Pronay Sarkar, I love to write about tech and stuff. I am a college graduate from the University of Delhi.

...

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.