How to get an SSL certificate from Letsencrypt for your Apache2 website?

Letsencrypt (http://letsencrypt.org) provides free of charge, no strings attached, SSL certificates through an automatic setup process. The Certificates issued by "Let's Encrypt" are valid for a duration of 4 months and they can be renewed through a simple process.

In this "How-To" we will explore the initial install of the client software provided by Letsencrypt which will lead to the installation of the certificate on your Apache2 server in a few basic steps.

First, we assume (in no particular order) that:
1) you are comfortable with command line use at the terminal,
2) you already have Apache2 installed and operational with your website at basic level and you know how to enable SSL on Apache2,
3) your actual domain name properly resolves to your public address,
4) if you are behind a gateway/firewall TCP ports #80 and #443 of your public IP address are both forwarded to your Apache2 server machine's private IP, where your website is installed and where letsencrypt material will be installed and utilized,
5) your internet connection is live!

Now, if all the above point are taken care off then let's start!

To begin, let's open up a terminal session on your server and login as root or superuser. We could also use 'sudo' as required.

Then, let's install git using the following command:
apt-get install git

Next, let's get Letsencrypt client software from git:
git clone https://github.com/letsencrypt/letsencrypt

The above line will install letsencrypt in your home directory,
i.e. /home/<your_user_id>/letsencrypt

Now, let's create a config file for Letsencrypt using our favorite text editor:
gksu gedit /etc/letsencrypt/cli.ini

Once inside the text editor, insert the following 6 lines in the cli.ini file freshly created/edited:
authenticator = webroot
webroot-path = /var/www/html
server = https://acme-v01.api.letsencrypt.org/directory
renew-by-default
agree-tos
email = <postmaster's_email_address>

Then, save the file and exit the text editor.

Next, generate your certificates by running the following command in the terminal:
./letsencrypt/letsencrypt-auto --config /etc/letsencrypt/cli.ini -d <your_domain_name> -d www.<your_domain_name> certonly

After a few minutes of data crunching 'letsencrypt-auto' client software should signal that everything went well and your certificate is ready to use.

The certificate issued will be located in /etc/letsencrypt/live/<your_domain_name>, which can be pointed at by your Apache2 web server configuration. Incidentally, do not move your certificate to another location as in 4 months when the certificate is renewed it will be located there again. You probably wouldn't want to move it around every time.

One of the best ways to point your Apache2 server's SSL settings to the above certificate is to use Webmin (assuming that you have it already installed on your server). To do so, using your favorite web browser to access webmin, navigate to 'Servers' | 'Apache Web Server' | 'Virtual Server' w/ Port 443 | 'SSL Options', select data box radio buttons for the following items and feed them with the corresponding data:

Also, make sure that the SSL Engine is turned ON. ('Servers' | 'Apache Web Server' | 'Global Configuration' | 'Configure Apache Modules' | 'ssl' check marked enable)

Finally, reload your freshly edited Apache2 config by running:
service apache2 reload

You are done!

Test your server and check your certificate using a web browser:
https://<your_domain_name> or https://www.<your_domain_name>

(© cilicia.us - originally published on January 3, 2016)

cilicia.us & The Cilician Gazette © Copyright 1991-2018 - All rights reserved