Let's encrypt!

Installation of a free SSL/TLS certificate Update: 2022

You can get an SSL/TLS certificate for free. Ideal for small or medium scale projects. Very easy to use.

Let's encrypt for free does not provide a certificate with extensive or organizational validation.

Installation

The certificate can be installed using the Certbot utility or the manual mode. Certbot require that we have an SSH access to our web server with sudo rights.

The Certbot documentation is very clear and guide us step-by-step on how to install the utility depending of the web server and distro we operate.

For example, the instructions to install Certbot on Ubuntu and Nginx can be found in the link below.

Certbot Instructionseff

Certbot documentation

The snap utility is required to install Certbot.

Certbot installation

sudo snap install --classic certbot

Create a symbolic link to be able to use the Certbot utility.

sudo ln -s /snap/bin/certbot /usr/bin/certbot

Creation of a certificate

certbot --nginx

The image below shows that I have successfully created a valid SSL/TLS. When a certificate is generated, it will created a certificate and a private key. It will modify automatically the certificate and the private key Nginx path in the configuration file.

Creation of a SSL/TLS certificate

Nginx configuration file.

Certification renewal

• Renewal information can be found at /etc/letsencrypt/renewal.

• Outdated certificates will be archived in the path specified by the archive_dir variable.

Information about the certificate renewal

We can simulate a certificate renewal with:

certbot renew --dry-run 

Certificate renewal

Resources

Let's Encryptletsencrypt

Let's Encrypt