Introduction
I have show you how to set up a TLS/SSL certificate from Let’s Encrypt on an Ubuntu 16.04 server running Apache as a web server.
All steps given below one by one.
1. Before run these command take website backup.
2. Install the Let's Encrypt Client
sudo add-apt-repository ppa:certbot/certbot
You'll need to press
ENTER to accept.3. Now update you ubuntu server.
sudo apt-get update
4. Install Certbot from the new repository.
sudo apt-get install python-certbot-apache
5. To execute the interactive installation and obtain a certificate that covers only a single domain, run the certbot command like so, where example.com is your domain
sudo certbot --apache -d shashank.com
6. If you want to install a single certificate that is valid for multiple domains or subdomains, you can pass them as additional parameters to the command. The first domain name in the list of parameters will be the base domain used by Let’s Encrypt to create the certificate, and for that reason we recommend that you pass the bare top-level domain name as first in the list, followed by any additional subdomains or aliases:
sudo certbot --apache -d shashank.com -d www.shashank.com
7. Now SSL is install and your site running with https.
When the installation is finished, you should be able to find the generated certificate files at /etc/letsencrypt/live. You can verify the status of your SSL certificate with the following link (don’t forget to replace shashank.com with your base domain).
8. Download certificates. this url run on your browser with your domain name.
https://www.ssllabs.com/ssltest/analyze.html?d=shashank.com&latest
9. Verifying Certbot Auto-Renewal
Let’s Encrypt certificates only last for 90 days. However, the certbot package we installed takes care of this for us by running certbot renew twice a day via a systemd timer. On non-systemd distributions this functionality is provided by a cron script placed in /etc/cron.d. The task runs twice daily and will renew any certificate that's within thirty days of expiration.
To test the renewal process, you can do a dry run with certbot:
sudo certbot renew --dry-run
No comments:
Post a Comment