Prerequisites
- SSH with root access or sudo user access to Debian 9 server
- The Apache web server with properly a domain and vhost configured
Step 1: Installing Let’sEncrypt certbot
The first step to using Let’s Encrypt to obtain an SSL certificate is to install the certbot Let’s Encrypt client on your server. To install run this:
# sudo apt-get install certbot
Step 2: Create and install the SSL certificates
Generating the SSL Certificate for Apache using the Let’s Encrypt client is quite straightforward. The client will automatically obtain and install a new SSL certificate that is valid for the domains in our Apache configuration. To execute the interactive installation and obtain a certificate for all of the domains de ned in your Apache configuration, type:
# sudo certbot --apache
Step 3: Check the SSL certificate(s) configuration
At above stage your certificate is created and configured. Now check your domain virtualhost conf le with the ssl is like this or not. If not then put these manually on virtualhost’s ssl configuration:
... SSLCertificateFile /etc/letsencrypt/live/<your-domain>/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/<your-domain>/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/<your-domain>/chain.pem ...
Now need to test as our configuration goes right with this –
# sudo apachectl configtest
Finally, restart apache and your SSL should start working now.
# sudo service apache2 reload
Step 4: Setting up for the auto renewal
The Certbot packages on your system come with a cronjob that will renew your certificates automatically before they expire. Since Let’s Encrypt certificates last for 90 days, it’s highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:
# sudo certbot renew --dry-run
That’s all.