How to install Let’s Encrypt with Apache on Ubuntu

In one of the previous articles, I have explained how to harden SSL configuration in Apache and how to add Let’s Encrypt Everything SSL certificate to Kerio Mail server. Now I will explain how to install a client that will help you to automatically renew your SSL certificate(s).

Connect to your server via SSH and install client from Github using the following command:

# aptitude install git
# git clone /opt/letsencrypt

Now let’s generate your SSL certificate for your website.

# ./letsencrypt-auto --apache -d sefnet.local

You can automatically generate SSL certificate for multiple websites using -d switch on the single command:

# ./letsencrypt-auto --apache -d sefnet.local -d sefnet2.local

Or you can create SSL certificate for any subdomain:

# ./letsencrypt-auto --apache -d sefnet.local -d www.sefnet.local -d www1.sefnet.local -d www2.sefnet.local -d www3.sefnet.local

Once your SSL certificates are in place, you can either use HTTP Strict Transport Security (HSTS) or .htaccess to redirect traffic to your HTTPS webpage. HSTS method is explained here, and to use .htaccess method, add the following to your .htaccess file:

RewriteEngine On
RewriteCond % 80
RewriteRule ^(.*)$ https://sefnet.local/$1 [R,L]

Remember to add www. to your subdomain configuration:

RewriteRule ^(.*)$ https://www.sefnet.local/$1 [R,L]

Now I will configure automatic SSL certificate renewal through crontab.

# crontab -e
00 2 * * 7 /opt/letsencrypt/letsencrypt-auto renew >> /var/log/le-renew.log mail -s "SSL certificate renewal results" info@sefnet.local

This will trigger automatic SSL certificate renewal, write steps into log file, and send mail with the results to your mail address

Leave a Reply

Your email address will not be published.