Let's Encrypt

Let’s Encrypt is a Certification authority that guarantees the creation of SSL certificates.

Installation of certbot

Method 1

• Preliminary setup

sudo apt install python3 python3-venv libaugeas0
sudo python3 -m venv /opt/certbot/
sudo /opt/certbot/bin/pip install --upgrade pip

• Install Certbot on Apache (or NGINX):

sudo /opt/certbot/bin/pip install certbot certbot-apache
sudo /opt/certbot/bin/pip install certbot certbot-nginx

• Create a symlink to ensure Certbot runs (repeat it at every reboot of the system):

sudo ln -s /opt/certbot/bin/certbot /usr/bin/certbot

Method 2

Run the following command:

sudo apt install certbot

Creation of an SSL certificate

Apache/NGINX certificates

• Create SSL certs for all domains and configure redirects in the web server:

sudo certbot --apache

or

sudo certbot --nginx

• Create SSL certs for a specified list of domain:

sudo certbot --apache -d example.com -d www.example.com 

• Install only SSL certs:

sudo certbot certonly --apache

or

sudo certbot certonly --nginx

• Enter an email address for renewal and security notices.

• Agree to the terms of service.

• Specify whether to receive emails from EFF.

Other services

Run the following command to manually generate only the certificate for all the subdomains of example.com:

certbot certonly -d *.phish-me.com --manual --preferred-challenges dns

Location of certificates

The certificate and the related private key for each domain are inside a subfolder (named as the domain) of the directory /etc/letsencrypt/live.

5. Certificates renewal

Let’s Encrypt certificates expire after 90 days. Run the following command to renew them:

certbot renew

• Renew the certificates without output generation

/usr/bin/certbot renew --quiet

Automated certificates renewal

The task could be performed by a cron job.