How To Install Free SSL From Let’s Encrypt With Apache2/Nginx On Ubuntu 20.04 (2021)

How To Install Free SSL From Let’s Encrypt With Apache2/Nginx On Ubuntu 20.04 – SSL is a protocol used to encrypt data between server and client. This is to ensure that any information transmitted over an SSL connection cannot be shared or altered by third parties without the knowledge of the secret key. An SSL certificate is very important for securing a website, as well as ensuring that visitors can trust the website with their personal information.

What is SSL?

SSL (Secure Sockets Layer) is a very commonly used internet protocol designed to encrypt network traffic and therefore enable secure communication over the network. Whenever SSL is enabled on a website, there is a special SSL certificate associated with it. This certificate contains information such as domain name, webserver, certificate issuing authority name, certificate expiration date, etc.

What is Let’s Encrypt?

Let’s Encrypt is a free, automated, and open Certification Authority (Certificate Authority commonly abbreviated as CA). a non-profit certificate authority run by the Internet Security Research Group that provides X.509 certificates for Transport Layer Security encryption at no charge. Which was launched on April 12, 2016. The Let’s Encrypt certificate is valid for 90 days, of which renewal can be made at any time.

To enable HTTPS on a website, we need to get a certificate (a type of file) from a Certificate Authority (CA). Let’s Encrypt is a CA. To get our website’s domain certificate from Let’s Encrypt, we have to demonstrate control over the domain. With Let’s Encrypt, we do this using software that uses the ACME (Automatic Certificate Management Environment) protocol that normally runs on our webhosting.

install free ssl

What is needed to Install Free SSL From Let’s Encrypt

What is needed to Install Free SSL From Let’s Encrypt:

This test was tested using AWS (Amazon Web Services), it will also work fine on other cloud services and on a VPS or dedicated server running Ubuntu.

Make sure A Record has been redirected to the virtual machine instance’s public IPv4 address and CNAME created for the domain name.

How to Install Free SSL Let’s Encrypt for Apache2/NginX

Step 1: Update Package index

Before starting the installation, as usual we need access to the server via SSH. After logging into the server via SSH, make sure and make it a habit to update the package index. So that all installed packages are updated to the new version.

sudo apt update -y && sudo apt upgrade -y

Step 2: Install snapd

Run it to make sure we have the latest version of snapd:

sudo snap install core; sudo snap refresh core
core 16-2.52.1 from Canonical✓ installed                      snap "core" has no updates available

Step 3: Install Certbot

sudo snap install --classic certbot
certbot 1.20.0 from Certbot Project (certbot-eff✓) installed

Install Free SSL Let’s Encrypt For Apache2:

sudo certbot --apache

Install Free SSL Let’s Encrypt for NginX:

sudo certbot --nginx

Step 4: Registering Email & Domain Certification

Then fill e-mail address for renewal and security notification:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)                                                           (Enter 'c' to cancel): [email protected]
                                                              - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Then type Y or Yes have read the ToS:

Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

The next step whether we want to share our email EFF:

Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: N
Account registered.

The next step is to add a domain for certification, for example: DOMAIN_NAME.COM WWW.DOMAIN_NAME.COM (can use a comma “,” or space ” “).

Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel): bjxbro.online www.bjxbro.online

Apache2 webserver certificate:

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/judis.my.id/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/judis.my.id/privkey.pem
This certificate expires on 2022-02-01.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

Deploying certificate
Successfully deployed certificate for judis.my.id to /etc/apache2/sites-available/000-default-le-ssl.conf

We were unable to find a vhost with a ServerName or Address of www.judis.my.id.
Which virtual host would you like to choose?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: 000-default.conf               |                       |       | Enabled
2: 000-default-le-ssl.conf        | judis.my.id           | HTTPS | Enabled
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

In the apache2 certbot installation, which virtual host will we use. Can choose between 1 or 2 (HTTPS).

Successfully deployed certificate for www.judis.my.id to /etc/apache2/sites-available/000-default-le-ssl.conf
Congratulations! You have successfully enabled HTTPS on https://judis.my.id and https://www.judis.my.id

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
apache2 cerbot
Apache certbot

Nginx webserver certificate:

Requesting a certificate for bjxbro.online and www.bjxbro.online
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/bjxbro.online/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/bjxbro.online/privkey.pem
This certificate expires on 2022-02-01.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

Deploying certificate
Successfully deployed certificate for bjxbro.online to /etc/nginx/sites-enabled/default
Successfully deployed certificate for www.bjxbro.online to /etc/nginx/sites-enabled/default
Congratulations! You have successfully enabled HTTPS on https://bjxbro.online and https://www.bjxbro.online

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
nginx certbot
Nginx Certbot

Step 4: Auto Renew

The certificates provided by Let’s Encrypt are only valid for 90 days, so we must renew them frequently. Now we set up a cronjob to check for certificates expiring in the next 30 days and renew them automatically.

Use the following command to automatically renew SSL:

sudo certbot renew --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/bjxbro.online.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Account registered.
Simulating renewal of an existing certificate for bjxbro.online and www.bjxbro.online

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations, all simulated renewals succeeded:
  /etc/letsencrypt/live/bjxbro.online/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

HTTPS Testing

In this test I use 2 domains, each installed Apache2 and NginX.

Domain Web server
judis.my.id Apache2
bjxbro.online Nginx
Screenshot 20211104 013908996
Apache2 Certbot
Screenshot of 20211104 012344385
Certbot Nginx

Or you can use the command:

openssl s_client –showcerts –connect WebServerURL:PortNumber

Conclusion

By following the tutorial/how-to/method above, we can learn how to Install Free SSL From Let’s Encrypt With Apache2/Nginx On Ubuntu 20.04.

Hope it is useful.




Leave a comment

Your email address will not be published. Required fields are marked *