This tutorial will show you how to set up a TLS/SSL certificate from Let’s Encrypt. We will also cover how to automate the certificate renewal process using a cron job.
SSL certificates are used within web servers to encrypt the traffic between the server and client, providing extra security for users accessing your application. Let’s Encrypt provides an easy way to obtain and install trusted certificates for free.
- A running Web server
- FQDN must be public
- Git must be installed
git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
/opt/letsencrypt/letsencrypt-auto --apache -d example.com # one domain
/opt/letsencrypt/letsencrypt-auto --apache -d example1.com -d example2.com # multiple domains
- The domain name must be the same as the one in the virtual host
- An email address will be requested
- You will be able to choose between enabling both HTTP and HTTPS access, or forcing all requests to redirect to HTTPS
Once completed, letsencrypt will create the virtual host and reload apache2.
If you are using a reverse proxy, use a different command line:
/opt/letsencrypt/letsencrypt-auto certonly --webroot -w /var/www/example.com/ -d example.com
/opt/letsencrypt/letsencrypt-auto certonly --webroot -w /var/www/example/ -d www.example.com -d example.com -w /var/www/other -d other.example.net -d another.other.example.net
/opt/letsencrypt/letsencrypt-auto certonly --apache --renew-by-default -d example.com -d www.example.com
Automatic - le-renew
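Download the le-renew script and make it executable by root only. The script is fetched over plain HTTP and will run as root from cron, so read it before scheduling it.
wget -P /usr/local/sbin/ http://do.co/le-renew
chmod 700 /usr/local/sbin/le-renew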
Create a cron job by editing /etc/cron.d/le-renew:
# .---------------- minute (0 - 59)
# |  .------------- hour (0 - 23)
# |  |  .---------- day of month (1 - 31)
# |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
# |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# |  |  |  |  |
# *  *  *  *  * user-name command to be executed
0 2 * * 1 root /usr/local/sbin/le-renew example.com >> /var/log/le-renew.log
Create log file
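A cron-driven renewal can stop working without anyone noticing until the certificate expires, so an independent expiry check is worth running next to it. The script below is an added example, not part of the original tutorial or of le-renew; it assumes GNU date, openssl on the PATH, and the default /etc/letsencrypt/live/<domain>/cert.pem layout, and its function names and the LE_LIVE_DIR variable are hypothetical.

```sh
#!/bin/sh
# Added example: warn when the weekly renewal job has silently stopped working.
# Assumptions: GNU date, openssl, default Let's Encrypt "live" directory layout.
LE_LIVE_DIR=${LE_LIVE_DIR:-/etc/letsencrypt/live}   # hypothetical override

# Print the certificate expiry date, e.g. "Jan  1 00:00:00 2030 GMT".
cert_not_after() {
    openssl x509 -in "$1" -noout -enddate | sed 's/^notAfter=//'
}

# days_left "<expiry date>" [now_epoch]
# Prints whole days until expiry (zero or negative once expired).
days_left() {
    local end now
    end=$(date -u -d "$1" +%s) || return 2
    now=${2:-$(date -u +%s)}
    echo $(( (end - now) / 86400 ))
}

# check_cert <domain> [min_days]
# Returns 0 if healthy, 1 if expiring soon or expired, 2 if the cert is unreadable.
check_cert() {
    local domain min_days pem expiry days
    domain="$1"
    min_days="${2:-21}"
    pem="$LE_LIVE_DIR/$domain/cert.pem"
    expiry=$(cert_not_after "$pem" 2>/dev/null)
    if [ -z "$expiry" ]; then
        echo "CRITICAL: cannot read certificate $pem"
        return 2
    fi
    days=$(days_left "$expiry") || return 2
    if [ "$days" -lt "$min_days" ]; then
        echo "WARNING: $domain expires in $days days, check /var/log/le-renew.log"
        return 1
    fi
    echo "OK: $domain valid for $days more days"
}

# With arguments, act as a monitoring check: check-cert.sh example.com 21
if [ $# -ge 1 ]; then
    check_cert "$@"
fi
```

Run it from a daily cron entry or a monitoring agent; a non-zero exit status means the renewal log needs attention.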