certbot – TecAdmin
https://tecadmin.net
How to guide for System Administrator's and Developers
Sun, 18 Sep 2022 05:32:10 +0000

How to Generate Let’s Encrypt SSL using Certbot
https://tecadmin.net/how-to-generate-lets-encrypt-ssl-using-certbot/
Sun, 18 Sep 2022 05:21:14 +0000

Let’s Encrypt is a free, automated, and open certificate authority: it lets you create and install free TLS certificates in your web server with a few command-line arguments. With Let’s Encrypt, you can provide HTTPS on your website for every user without spending money or worrying about renewal dates.

Certbot provides an easy way to generate free Let’s Encrypt certificates for websites that support HTTP and serve their content over HTTPS. In this article, we will see how to use Certbot to automate the process of generating Let’s Encrypt certificates.

Step 1 – Installing Certbot

Most Linux systems have the certbot package in their default package repositories. Certbot is a tool to obtain certificates from Let’s Encrypt and configure them on your web server. The Snap package is the easiest way to install certbot on an Ubuntu system.

Open a terminal and execute the below command to install certbot:

sudo snap install --classic certbot 

Once a new certbot version is available, Snap will auto-update the package.

Step 2 – Generate SSL Certificate with Certbot

Now you can request SSL certificates from Let’s Encrypt. We discuss 4 methods to get a new SSL certificate; which one to use depends on the web server running on your system. There may also be no web server running on the system at all.

So choose the correct method as per the environment:

  1. No Web Server Running – If you don’t have any web server running on your system, you can use the --standalone option to complete the domain validation by starting a dummy web server. This option needs to bind to port 80 in order to perform domain validation.

    sudo certbot certonly --standalone

    [Screenshot: Get a new SSL using standalone]

    If you are running certbot for the first time, it will prompt you to accept the terms and provide an email address for sending notifications.

    You can also provide the inputs on the command line. For example:

    sudo certbot certonly --standalone -d example.com --staple-ocsp -m me@example.com --agree-tos

  2. Certbot with Apache – On systems running the Apache web server, execute the following command. This will list all the domains/sub-domains configured on your web server. Select the appropriate numbers to request a certificate.

    sudo certbot --apache

    This will read the Apache configuration files and list all the configured domain names. Enter the number of the domain you want to issue a certificate for. You can input multiple comma-separated numbers.

    Once the domain ownership is verified, the certificate will be issued and the Apache configuration file will be created with SSL settings.

  3. Certbot with Nginx – On systems running the Nginx web server, use the below command to request the SSL certificates.

    sudo certbot --nginx -d example.com -d www.example.com

  4. Some Other Web Server Running – On systems running any web server other than Apache or Nginx, you can get the certificate only and configure it manually.

    This command will ask you for the domain name and document root for the domain.

    sudo certbot certonly --webroot

    You can also pass the domain name and/or document root on the command line.

    sudo certbot certonly --webroot -w /var/www/html -d example.com -d www.example.com

While using the above commands, the domain must be pointed to the server in DNS. Also, ensure that /.well-known/acme-challenge is served by the web server.

Step 3 – View Certificate Files

Once a certificate is issued by the Let’s Encrypt authority, all the certificate files are created under the /etc/letsencrypt directory. If your domain name is example.com, then the files will be created at the below location.

ls -l /etc/letsencrypt/live/example.com/ 
Output:
-rw-r--r-- 1 root root 692 Mar 9 06:59 README
lrwxrwxrwx 1 root root 37 Sep 6 09:56 cert.pem -> ../../archive/example.com/cert1.pem
lrwxrwxrwx 1 root root 38 Sep 6 09:56 chain.pem -> ../../archive/example.com/chain1.pem
lrwxrwxrwx 1 root root 42 Sep 6 09:56 fullchain.pem -> ../../archive/example.com/fullchain1.pem
lrwxrwxrwx 1 root root 40 Sep 6 09:56 privkey.pem -> ../../archive/example.com/privkey1.pem

Replace example.com with your domain name to get the correct files.
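The live/ entries in the listing above are symlinks, so their lrwxrwxrwx mode says nothing about who can read the private key; the mode that counts is on the archive/ target. The following check is an added example, not part of the original tutorial: the function names and the temporary demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit one certbot lineage directory (live/<domain>).
# audit_lineage and make_demo_tree are hypothetical helpers, not certbot commands.

# Print one finding per line; return 0 if the lineage looks sane, 1 otherwise.
audit_lineage() {
    live_dir=$1
    rc=0
    for f in cert.pem chain.pem fullchain.pem privkey.pem; do
        path="$live_dir/$f"
        # Each entry should be a symlink into ../../archive/<domain>/
        if [ ! -L "$path" ]; then
            echo "WARN $f: not a symlink (copied or edited by hand?)"; rc=1
            continue
        fi
        # -e follows the link, so false here means the target is missing
        if [ ! -e "$path" ]; then
            echo "FAIL $f: dangling symlink"; rc=1
        fi
    done
    key="$live_dir/privkey.pem"
    if [ -e "$key" ]; then
        # ls -L reports the mode of the link target; characters 5-10 of the
        # mode string are the group and other permission bits
        go_bits=$(ls -ldL "$key" | cut -c5-10)
        if [ "$go_bits" != "------" ]; then
            echo "FAIL privkey.pem: target readable beyond owner ($go_bits)"; rc=1
        else
            echo "OK   privkey.pem: target is owner-only"
        fi
    fi
    return $rc
}

# Build a constructed tree shaped like the listing above (placeholders, not keys).
make_demo_tree() {
    root=$1; mode=$2
    mkdir -p "$root/archive/example.com" "$root/live/example.com"
    for n in cert chain fullchain privkey; do
        echo "constructed placeholder" > "$root/archive/example.com/${n}1.pem"
        ln -sf "../../archive/example.com/${n}1.pem" "$root/live/example.com/$n.pem"
    done
    chmod "$mode" "$root/archive/example.com/privkey1.pem"
}

# Demo on the constructed tree. On a real host, call
#   audit_lineage /etc/letsencrypt/live/example.com
# from a root shell, since the directory is normally not readable by other users.
demo=$(mktemp -d)
make_demo_tree "$demo" 600
audit_lineage "$demo/live/example.com"
rm -rf "$demo"
```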

Conclusion

Let’s Encrypt is a certificate authority that provides free SSL certificates for public websites. We can issue certificates for any number of domains. The SSL certificates are issued for 3 months only, after which you need to renew them. Certbot is a command-line utility that helps to manage Let’s Encrypt SSL certificates. With the help of certbot we can issue a new certificate, renew it, and delete it.

Hope this tutorial helps you to work with Certbot for managing the SSL certificate on your system.

How to Delete a Let’s Encrypt Certificate using Certbot
https://tecadmin.net/delete-lets-encrypt-certificates-using-certbot/
Thu, 02 Jun 2022 08:50:48 +0000

Certbot is a free and open-source software tool used for managing the Let’s Encrypt certificates. This tool allows users to issue certificates in a single command and also configure the web servers.

By default, certbot stores all the client certificates under the directories listed below. We do not recommend deleting these files manually. In this tutorial, we will discuss deleting unused SSL certificates using the Certbot command line.

  • /etc/letsencrypt/live
  • /etc/letsencrypt/renewal
  • /etc/letsencrypt/archive

Delete a Let’s Encrypt SSL Certificate

Certbot provides an option to delete certificates for you. To delete an SSL certificate, run the following command.

sudo certbot delete 

This command will show you an index from which you can select the domain name to delete the associated certificate. Type the index number of the domain name that you want to delete and press Enter. The issued certificate and its associated files will be deleted. Deleting removes the local files only; it does not revoke the certificate.

[Screenshot: Deleting Let’s Encrypt certificate using certbot]

You can also specify the domain name with the certbot command as below. This could be helpful if the domain name does not appear in the index list.

sudo certbot delete --cert-name example.com

That’s it.

Conclusion

This tutorial helped you to delete a Let’s Encrypt SSL certificate using the certbot command-line tool.

How to Setup Let’s Encrypt (Certbot) on Ubuntu 20.04
https://tecadmin.net/how-to-setup-lets-encrypt-on-ubuntu-20-04/
Mon, 07 Sep 2020 17:23:04 +0000

Certbot is a command-line utility for managing Let’s Encrypt SSL certificates on a Linux system. It allows you to request a new SSL certificate, do the authorization and configure your web server for SSL settings. It also helps you to renew certificates issued by the Let’s Encrypt certificate authority.

This tutorial helps you to install and use Certbot (a Let’s Encrypt client) on an Ubuntu 20.04 LTS Linux system.

Prerequisites

You need the following:

  • A running Ubuntu 20.04 system with sudo privileged account access.
  • An Apache web server with a virtual host configured with a real domain or subdomain.
  • The domain or sub-domain must be pointed correctly to the web server IP address.

Step 1 – Installing Certbot

Certbot is a tool to obtain certificates from Let’s Encrypt and configure them on your web server. The Snap package is the easiest way to install certbot on an Ubuntu system.

Open a terminal and execute the below command to install certbot:

sudo snap install --classic certbot 

Step 2 – Generate SSL Certificate

Now you can request SSL certificates from Let’s Encrypt, using the method that matches your web server.

  1. Apache – On systems running the Apache web server, execute the following command. This will list all the domains/sub-domains configured on your web server. Select the appropriate numbers to request a certificate.
    sudo certbot --apache 
    
  2. Nginx – On systems running the Nginx web server, use the below command to request the SSL certificates.
    sudo certbot --nginx 
    
  3. Get Certificate Only – On systems running any web server other than Apache or Nginx, you can get the certificate only and configure it manually.

    This command will ask you for the domain name and document root for the domain.

    sudo certbot certonly --webroot 
    
  4. No Web Server – Systems that have no web server running can also request an SSL certificate. The below command will ask you for the domain name and start a temporary web server on port 80 to complete the verification.
    sudo certbot certonly --standalone 
    

While using the above commands, the domain must be pointed to the server in DNS. Also, ensure that /.well-known/acme-challenge is served by the web server.

Step 3 – Test SSL

Once the SSL certificate is installed on the web server, visit https://your-domain.com/ in a web browser and look for the SSL lock icon in the URL bar. You can also do a security scan for the SSL setup on https://www.ssllabs.com/ssltest/.

[Screenshot: Verify Let’s Encrypt SSL]

Step 4 – Renew SSL Certificate

A Let’s Encrypt certificate is issued for 3 months only. You need to renew the certificate in the 30 days before it expires. Certbot allows you a hassle-free renewal just by running a single command.

Run the below command to renew all the certificates on that system.

sudo certbot renew 

You can also run a dry run without actual renewal. This will help you to test if SSL renewal performs well.

sudo certbot renew --dry-run 

Conclusion

In this tutorial, you have learned to install certbot on the Ubuntu system and to create new certificates for your web servers.

How to Setup Let’s Encrypt SSL with Apache on Fedora
https://tecadmin.net/setup-lets-encrypt-ssl-with-apache-on-fedora/
Sat, 04 Apr 2020 05:48:29 +0000

Let’s Encrypt is a non-profit Certificate Authority (CA) managed by the Internet Security Research Group. It provides free SSL certificates for your domains to secure data on the transport layer. This tutorial will help you to install and secure Apache with Let’s Encrypt on the Fedora system.

Prerequisites

  • Running Fedora system with shell access
  • A domain/sub domain pointed to server IP address via public DNS server. For this tutorial, we use webhost.tecadmin.net.

Step 1 – Install Apache

First of all, install the Apache web server on your Fedora system. The default package repositories contain Apache packages. You can directly install them using the following command:

sudo dnf install httpd httpd-tools mod_ssl 

Step 2 – Create VirtualHost in Apache

For this tutorial, I have created an index.html file under the default document root. Similarly, you can place your application under the document root of your domain.

# sudo does not apply to a shell redirect, so write the file through tee
echo "<h2>Welcome to Secure TecAdmin.net</h2>" | sudo tee /var/www/html/index.html

After that, create a VirtualHost configuration file binding with port 80.

sudo vim /etc/httpd/conf.d/webhost.tecadmin.net.conf 

<VirtualHost *:80>
    ServerAdmin admin@example.com
    ServerName webhost.tecadmin.net
    DocumentRoot /var/www/html
    <Directory /var/www/html>
        AllowOverride All
    </Directory>
</VirtualHost>

Save and close the configuration file. Then restart the Apache service to reload the configuration file.

sudo systemctl restart httpd 

Step 3 – Setup Let’s Encrypt (Certbot) Client

Certbot is the ACME client application recommended by Let’s Encrypt for systems with shell access. It provides hassle-free automation of certificate issuance, installation, and renewal.

You can install the certbot package along with the certbot plugin for Apache using the following command:

sudo dnf install python3-certbot-apache

The above command will add the certbot utility to your system. Execute the below command to get more help about the certbot command.

sudo certbot -h all 

Step 4 – Create Let’s Encrypt Certificate

Now you can request Let’s Encrypt to issue an SSL certificate for your domain. Run the certbot command for the Apache server as follows:

sudo certbot --apache 

This will list all the virtual hosts configured with Apache on the current server. Select the appropriate numbers, separated by commas. See the below screenshot:

[Screenshot: Using certbot on Fedora]

Let’s Encrypt will start the verification process for your domain. Make sure the domain you selected is pointed to this server via the public DNS server.

On successful verification, SSL will be issued for your domain. A separate SSL VirtualHost configuration file will be created for your domain.

Please choose whether or not to redirect HTTP traffic to HTTPS:

  • 1: No redirect – Make no further changes to the webserver configuration.
  • 2: Redirect – Make all requests redirect to secure HTTPS access.

[Screenshot: Free Let’s Encrypt SSL on Fedora]

Enter the number of your choice and press Enter. You can also change it later by directly editing the configuration files.

Once the SSL configuration has completed successfully, you will see a congratulations message on your screen.

[Screenshot: Let’s Encrypt on Fedora]

Step 5 – Verify Certificate

The Let’s Encrypt SSL has been successfully configured for your domain. This certificate is issued for 3 months only. You can renew it before expiration.

Let’s check the certificate by accessing your site in a web browser.

[Screenshot: Let’s Encrypt Apache]

Conclusion

You have successfully secured your website with a free Let’s Encrypt SSL certificate. Follow our next tutorial to set up Let’s Encrypt auto SSL renewal with crontab. Fedora systems have TLS 1.2 and TLS 1.3 enabled by default.

Auto Renew Let’s Encrypt Certificates using Certbot
https://tecadmin.net/auto-renew-lets-encrypt-certificates/
Sat, 17 Aug 2019 04:17:52 +0000

By default, Let’s Encrypt SSL certificates are issued for 90 days only. After this, you need to renew your SSL certificates. Let’s Encrypt allows renewal in the 30 days before expiration. You can perform the renewal manually or configure auto-renewal using crontab.

This tutorial will help you to auto-renew Let’s Encrypt SSL certificates. The certbot script will take care of certificate renewal before expiration.

How to Renew Let’s Encrypt SSL

The Certbot command-line utility provides users the option to renew SSL certificates before expiration.

Before running the actual renewal process, you can do a dry run to verify that certbot is working properly. Run the following command on the terminal to verify:

sudo certbot renew --dry-run 

After the above command executes successfully, run the following command to renew all the certificates.

sudo certbot renew 

The above command will renew all the SSL certificates pending renewal.

Configure Auto-Renew Let’s Encrypt Certificates

In the previous step, you verified that certbot is working properly.

Now you can configure the same command in the crontab to run it periodically. You can configure this script to run once a day. Edit the crontab with the following command:

crontab -e 

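Append the following entry at the end of the file. Cron jobs run without a terminal, so sudo cannot prompt for a password; the entry works only for an account that is allowed to run certbot through sudo without one.

# Auto-renew let's encrypt SSL certificates (once a day, at midnight)
0     0     *     *     *      sudo certbot renew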

Save the file and close it.

All done.

Wrap Up

You have successfully scheduled certbot to auto-renew Let’s Encrypt SSL certificates before expiration. Remember that the renewal process also performs domain validation, so the domain must still pass validation each time a renewal runs.
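A scheduled renewal can fail without anyone noticing, for example when domain validation stops passing, so it helps to check independently how close a certificate is to expiry. The following check is an added example, not part of the original tutorial; the function names are hypothetical, the sample date is constructed, and it assumes GNU date (as on Ubuntu and Fedora) plus openssl for reading a real certificate.

```shell
#!/bin/sh
# Added example: report whether a certificate is inside the 30-day renewal window.
# Function names are hypothetical helpers, not certbot commands.

RENEW_WINDOW_DAYS=30

# Read the notAfter date of a PEM certificate, e.g. "Dec  5 09:56:00 2022 GMT"
cert_not_after() {
    openssl x509 -noout -enddate -in "$1" | cut -d= -f2
}

# secs_left <notAfter string> [now_epoch]: seconds until expiry (negative if expired)
secs_left() {
    exp_epoch=$(date -u -d "$1" +%s) || return 2
    now_epoch=${2:-$(date -u +%s)}
    echo $((exp_epoch - now_epoch))
}

# renewal_status <notAfter string> [now_epoch]
# Prints OK, DUE or EXPIRED and returns 0 only for OK, so a monitoring job can
# alert when a certificate stays DUE across several scheduled renewal runs.
renewal_status() {
    secs=$(secs_left "$1" "$2") || { echo "ERROR unparseable date"; return 2; }
    if [ "$secs" -le 0 ]; then
        echo "EXPIRED"
        return 1
    fi
    days=$((secs / 86400))
    if [ "$days" -lt "$RENEW_WINDOW_DAYS" ]; then
        echo "DUE $days days left"
        return 1
    fi
    echo "OK $days days left"
}

# Demo with a constructed notAfter value and a fixed "now" 20 days before it.
sample="Dec  5 09:56:00 2022 GMT"
demo_now=$(( $(date -u -d "$sample" +%s) - 20 * 86400 ))
renewal_status "$sample" "$demo_now" || true

# On a real host (as root):
#   renewal_status "$(cert_not_after /etc/letsencrypt/live/example.com/cert.pem)"
```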
