Let's Encrypt is a non-profit certificate authority run by Internet Security Research Group (ISRG) that provides X.509 certificates for Transport Layer Security (TLS) encryption at no charge. The certificate is valid for 90 days, during which renewal can take place at any time. The offer is accompanied by an automated process designed to overcome manual creation, validation, signing, installation, and renewal of certificates for secure websites. It launched on April 12, 2016.
Step1: Install CertBot
Certbot is a free, open-source software tool for automatically using Let’s Encrypt certificates on manually-administrated websites to enable HTTPS.
Certbot is made by the Electronic Frontier Foundation (EFF), a 501(c)3 nonprofit based in San Francisco, CA, that defends digital privacy, free speech, and innovation.
Is Certbot right for me?
If you’re looking to add the security and privacy benefits of an HTTPS certificate to your website, you may not need Certbot. Many hosting providers have internal tools to enable HTTPS. Before using Certbot, check if your hosting provider is one of them.
Certbot might be right for you if you:
- have comfort with the command line
- have an HTTP website that’s already online with port 80 open
- and administer your website via a dedicated server, virtual private server, or cloud-hosted server
- which you can access via SSH, and have the ability to sudo
Certbot is part of EFF’s larger effort to encrypt the entire Internet. Websites need to use HTTPS to secure the web. Along with HTTPS Everywhere, Certbot aims to build a network that is more structurally private, safe, and protected against censorship.
Step2: Visit https://certbot.eff.org/ Choose your webserver & Operating system and get the installation commands
I'm running Debian 10 VPS |
Step3: SSH into the server
SSH into the server running your HTTP website as a user with sudo privileges.
ssh mahesh@192.168.43.234 (sudo user and server ip)
Step4: Install Certbot
Run this command on the command line on the machine to install Certbot. (for Debian 10 Buster)
sudo apt-get -y install certbot python-certbot-apache
Step5: Choose how you'd like to run Certbot
Either get and install your certificates...
Run this command to get a certificate and have Certbot edit your Apache configuration automatically to serve it, turning on HTTPS access in a single step.
sudo certbot --apache
For a specific website: sudo certbot --apache -d shop.opensio.co.in
For a specific website: sudo certbot --apache -d shop.opensio.co.in
Or, just get a certificate
If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, run this command.
sudo certbot certonly --apache
Test automatic renewal
The Certbot packages on your system come with a cron job or systemd timer that will renew your certificates automatically before they expire. You will not need to run Certbot again unless you change your configuration. You can test automatic renewal for your certificates by running this command:
sudo certbot renew --dry-run
The command to renew certbot is installed in one of the following locations:
add the line of code in crontab -e
Confirm that Certbot worked
To confirm that your site is set up properly, visit https://yourwebsite.com/ in your browser and look for the lock icon in the URL bar. If you want to check that you have the top-of-the-line installation, you can head to https://www.ssllabs.com/ssltest/.
Reference: