How to Install and Renew Let’s Encrypt SSL Certificates on Linux

Prerequisites

In order to follow this guide, you will need the following:

  • A Cloud Server or any server running a Linux distribution
  • An HTTP website served on port 80 on that server
  • Root or sudoer privileges on the server and access to the command line

What is Let’s Encrypt?

Let’s Encrypt is a certificate authority (CA) that provides free SSL/TLS certificates. It is a trusted authority, which means that its certificates are accepted by modern web browsers and tools that connect over HTTPS. Unlike a traditional provider that requires you to submit a CSR and then go through one or more steps to prove you own the domains you want to cover, Let’s Encrypt manages validation and your certificates through automated processes that talk to your web server. In most cases, getting the certificate and renewing it can all be automatically handled through one simple software package.

Using certbot to install Let’s Encrypt certificates

For nearly all Linux distributions, all you need to do to obtain your certificate is install the recommended package, certbot. If you want, certbot will also reconfigure your HTTP-only web server to serve HTTPS in a single step. It also has options to obtain and install your certificate and leave the web server configuration for you to edit on your own.

For step-by-step instructions on installing and running certbot commands to obtain your certificate, select your web server and Linux distribution on the certbot instructions page.

Certbot certificate renewal

Certbot also includes a cron job or systemd timer, compatible with most Linux distributions, that will handle certificate renewal for you. Check the certbot documentation for your preferred distribution to see all the possible locations where the renewal command can be installed.
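One way to confirm that a renewal job is actually installed and is keeping the certificate fresh. This is an added example, not part of the original guide or of certbot itself; the scheduler paths, the 21-day threshold and the function names are assumptions based on common packaging defaults.

```shell
#!/bin/sh
# Added example: check that certbot renewal is scheduled and actually working.
# The paths below are common packaging defaults (assumptions); adjust per distro.

# Print every renewal scheduler entry found under ROOT; return 1 if none exist.
renewal_scheduler() {
    rs_root="${1:-}"; rs_found=1
    for rs_f in etc/cron.d/certbot \
                lib/systemd/system/certbot.timer \
                usr/lib/systemd/system/certbot-renew.timer \
                etc/systemd/system/snap.certbot.renew.timer
    do
        if [ -e "$rs_root/$rs_f" ]; then
            echo "/$rs_f"; rs_found=0
        fi
    done
    return "$rs_found"
}

# Return 0 if CERT expires within DAYS (or cannot be parsed), 1 if it is valid
# beyond that window, 2 if the file is missing or unreadable.
cert_expires_within() {
    ce_cert="$1"; ce_days="${2:-21}"
    [ -r "$ce_cert" ] || return 2
    # openssl -checkend exits 0 when the cert is still valid after N seconds
    if openssl x509 -in "$ce_cert" -noout -checkend $((ce_days * 86400)) >/dev/null 2>&1
    then return 1; fi
    return 0
}

# Report on one domain, using certbot's default live directory.
audit() {
    renewal_scheduler "" || echo "WARN: no certbot cron job or systemd timer found"
    au_rc=0
    cert_expires_within "/etc/letsencrypt/live/$1/fullchain.pem" 21 || au_rc=$?
    case "$au_rc" in
        0) echo "WARN: $1 expires within 21 days; renewal is probably failing" ;;
        1) echo "OK: $1 is valid for more than 21 days" ;;
        *) echo "WARN: cannot read the certificate for $1 (run as root?)" ;;
    esac
}

# Usage: sh check-renewal.sh example.com
if [ $# -ge 1 ]; then audit "$1"; fi
```

Running `sudo certbot renew --dry-run` alongside this check exercises the full renewal path without replacing the installed certificates.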

Other ways to obtain your Let’s Encrypt certificate

If certbot is not compatible with your Linux distribution, or otherwise doesn’t meet your needs, Let’s Encrypt is supported through a number of other command-line tools that act as clients for the ACME protocol. You can find a list of such clients here.
