How to Install Let’s Encrypt on Apache2

Let’s Encrypt is an open SSL Certificate Authority (CA) that offers free domain-validated (DV) certificates for your websites. SSL Certificates are used to establish a secure encrypted connection between a web server and a user’s web browser. The SSL certificates that have been issued by Let’s Encrypt are valid for 90 days and are trusted by most web browsers today.

Installing Let's Encrypt client

apt-get update
apt-get install software-properties-common python-software-properties
add-apt-repository ppa:certbot/certbot
apt-get install python-certbot-apache

To test if the installation was successful, use the following command,

certbot --help

Generating a Certificate

Let’s Encrypt validates the domain it is installed on, The client generates a new key pair when interacting with the Let’s Encrypt servers for the first time, and then aims to prove that the host has control over a particular domain.

certbot --apache -d yourdomain.com

Here, replace yourdomain.com with your domain name/domain you wish to generate the SSL certificate for.

Renew the Certificate

The certificate expiration date is 90 days from the day of install.

/usr/bin/letsencrypt renew

Once the renewal is complete, reload your web service to update the configuration with the next command.

service apache2 restart

Auto Renewal

Certbot will automatically run twice a day and renew any certificate that is within thirty days of expiration. To test that this renewal process is working correctly, you can run:

0 0 1 * * /usr/bin/letsencrypt renew >> /var/log/letsencrypt-renew.log
service cron restart