Set up Certbot on an Apache web server to obtain a free SSL certificate from Let's Encrypt

Let’s Encrypt, a non-profit operated by the Internet Security Research Group (ISRG), offers free TLS/SSL certificates to enable secure website connections. These certificates are valid for 90 days and can be renewed at any point during that time. The renewal process is automated, simplifying the often complex task of managing website security certificates. Let’s Encrypt was launched on April 12, 2016.

Step 1: Install Certbot

Certbot is a free, open-source program that automates the process of obtaining and deploying Let’s Encrypt certificates for websites, enabling HTTPS. Developed by the Electronic Frontier Foundation (EFF), a non-profit organization dedicated to protecting digital rights, Certbot simplifies website security.

Is Certbot the Right Tool for You?

Before utilizing Certbot, it’s essential to confirm if your hosting provider offers built-in HTTPS support, as this might eliminate the need for Certbot.

Consider Certbot if you meet the following criteria:

  • You are comfortable working with the command line.
  • Your website is already live and accessible via HTTP on port 80.
  • Your website is hosted on a server you manage (dedicated, VPS, or cloud) with SSH access and sudo privileges.

Certbot is a component of the EFF’s broader initiative to encrypt the entire internet, aiming to create a more secure and private online environment resistant to censorship.

Step 2: Choose Your Web Server and Operating System

Navigate to https://certbot.eff.org/ and select your web server and operating system from the provided options to receive tailored installation instructions.

This example assumes a Debian 10 VPS environment.

Step 3: Connect to Your Server via SSH

Using your preferred SSH client, connect to your server with an account that possesses sudo privileges.

ssh mahesh@192.168.43.234

Replace mahesh and 192.168.43.234 with your username and server IP.

Step 4: Install Certbot

Execute the following command on your server to install Certbot. This example demonstrates the installation process on a Debian 10 Buster system.

sudo apt-get -y install certbot python3-certbot-apache

Step 5: Configure Certbot

Option 1: Automatic Certificate Installation and Configuration

To obtain a certificate and automatically configure Apache to serve it over HTTPS, use the following command:

sudo certbot --apache

For a specific website, pass its domain with -d (replace shop.opensio.co.in with your actual domain):

sudo certbot --apache -d shop.opensio.co.in

Option 2: Manual Certificate Installation

If you prefer to configure Apache manually, obtain the certificate using this command:

sudo certbot certonly --apache

Testing Automatic Renewal

Certbot automatically renews certificates before they expire using scheduled tasks. You can simulate a renewal without making changes to verify its functionality:

sudo certbot renew --dry-run

To see where the renewal command is installed, check the Certbot cron file:

cat /etc/cron.d/certbot

If necessary, add the following line to your crontab:

crontab -e 

Verifying Certbot’s Functionality

To ensure your website is properly secured, open your website in your web browser and look for the lock icon in the address bar. For an in-depth analysis of your HTTPS configuration, visit https://www.ssllabs.com/ssltest/.
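
To confirm that renewal is keeping the served certificate fresh, the following added example (not part of the original article) reads the expiry date of the certificate Apache presents and flags it once fewer than 30 days remain. The function names, the script name check_cert.sh and the 30-day threshold (taken as Certbot's default renewal window for 90-day certificates) are assumptions; it needs GNU date and the openssl CLI.

```shell
#!/bin/sh
# Added example (not from the original page): check that renewal is keeping
# the certificate fresh. Assumes GNU date and the openssl CLI are installed.

# Assumption: Certbot's default renews a 90-day certificate once fewer than
# 30 days remain, so a served certificate below that means renewal stalled.
RENEW_WINDOW_DAYS=30

# days_left "<notAfter date>" [now_epoch] -> whole days until expiry (floored)
days_left() {
    dl_now=${2:-$(date -u +%s)}
    dl_exp=$(date -u -d "$1" +%s) || return 2
    dl_secs=$((dl_exp - dl_now))
    # Shell division truncates toward zero; shift negatives so that a
    # certificate that expired an hour ago reports -1, not 0.
    if [ "$dl_secs" -lt 0 ]; then dl_secs=$((dl_secs - 86399)); fi
    echo $((dl_secs / 86400))
}

# renewal_status <days> -> ok | renewal-overdue | expired
renewal_status() {
    if [ "$1" -lt 0 ]; then echo expired
    elif [ "$1" -lt "$RENEW_WINDOW_DAYS" ]; then echo renewal-overdue
    else echo ok
    fi
}

# served_not_after <host> [port] -> notAfter of the certificate Apache serves
served_not_after() {
    openssl s_client -connect "$1:${2:-443}" -servername "$1" \
        </dev/null 2>/dev/null \
        | openssl x509 -noout -enddate 2>/dev/null | cut -d= -f2
}

# check_host <host>: one-line report; non-zero exit when action is needed
check_host() {
    ch_end=$(served_not_after "$1")
    [ -n "$ch_end" ] || { echo "$1: no certificate retrieved" >&2; return 2; }
    ch_days=$(days_left "$ch_end") || return 2
    ch_status=$(renewal_status "$ch_days")
    echo "$1: expires $ch_end ($ch_days days left): $ch_status"
    [ "$ch_status" = ok ]
}

# Usage: sh check_cert.sh yourdomain.com
if [ "$#" -ge 1 ]; then check_host "$1"; fi
```

A status of renewal-overdue on a live site means the scheduled renewal is not succeeding, even when sudo certbot renew --dry-run passed earlier.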

Licensed under CC BY-NC-SA 4.0
Last updated on Dec 29, 2022 21:08 +0100