Create SSL Certificate for your site using Let’s Encrypt

Let’s Encrypt is operated by a non-profit called Internet Security Research Group (ISRG). ISRG’s mission is to reduce financial, technological, and education barriers to secure communication over the Internet. It uses ACME to create the certificate for your environment which trusted all over the globe.

We learn how to Create a server and make website up and running in previous blog post, but creating server & website is not an enough in digital world. So, I am come up with blog post related to security of the website.

Nowadays, google is also considering site having SSL while ranking in search result.

It’s time for encrypted communications to be the default on the Web and Let’s Encrypt is going to make it happen. You can read more about becoming partner of Let’s Encrypt here.

I am assuming here that, you have latest server software installed on your environment. If you haven’t, you can install it using the following command.

For Ubuntu/Debian

sudo apt update
sudo apt upgrade

For CentOS

sudo yum update
sudo yum upgrade

Download or clone a let’s encrypt repository. Here I am assuming that you have git installed.

sudo git clone /letsencrypt
cd /letsencrypt

If your server has anything which is running on 80 port then, you need to stop that server software ie. stop apache2 or httpd. Otherwise, let’s encrypt will give you an error message or unable to generate the certificate. 

Create Certificate using letsencrypt command.

Let’s Encrypt automatically performs Domain Validation using a series of challenges. The CA uses challenges to verify the authenticity of your server’s domain.

Here is the syntax for letsencrypt-auto command.

letsencrypt-auto [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...

You can also use multiple -d switch to specify the multiple domain, for which you want to generate the certificate. Here is command to generate the certificate. This command will generate the certificate for 6 months.

sudo -H ./letsencrypt-auto certonly --standalone -d -d

When you run the command it will ask you a series of question. Which include the administrative email address. Here administrative email address is very important in case you of any security notice or regain the certificate.

If all goes well then that process create a certificate for you.

Renew Certificate

You can renew same certificate by adding –renew-by-default switch in the command of create certificate. So, command to renew certificate is as following.

sudo -H ./letsencrypt-auto certonly --standalone --renew-by-default -d -d

You can also automate the certificate renewal using the Cron job, but for that, you need to have more knowledge about crontab.

Following is the command to renew the certificate non interactively.

./letsencrypt-auto renew

Add above command into the crontab file as following.

0 0 1 * * /opt/letsencrypt/letsencrypt-auto renew

Here you find the Integration guide for Let’s encrypt that you need to consider. Let’s encrypt has some rate limitation. So, please read both of the document before using it for your production. Thank You.

This site uses Akismet to reduce spam. Learn how your comment data is processed.