Install Let’s Encrypt SSL on LAMP & LEMP

Introduction

Let’s Encrypt is an automated, open certificate authority that offers free TLS/SSL certificates for the public’s benefit. The service is provided by the Internet Security Research Group (ISRG). This tutorial shows how to install a Let’s Encrypt SSL certificate on One-Click LAMP & LEMP apps using the certbot installation wizard. After completing this tutorial, the server will have a valid certificate and redirect all HTTP requests to HTTPS.

Prerequisites

This tutorial assumes that you have deployed a OneHost Cloud One-Click LAMP (Apache) or One-Click LEMP (Nginx) VPS, have a domain name pointing to your server IP address, and you are logged in as root.

1. Install certbot

Install certbot with apt.

  • One-Click LAMP (Apache)
    # apt update && apt install certbot python-certbot-apache -y
  • One-Click LEMP (Nginx)
    # apt update && apt install certbot python-certbot-nginx -y

2. Install Certificate

Run certbot to install the certificate. Full examples are below; the command-line options are:

  • --apache
    • Use the Apache web server.
  • --nginx
    • Use the nginx web server.
  • --redirect
    • Redirect all HTTP requests to HTTPS.
  • -d example.com -d www.example.com
    • Install a multiple-domain (SAN) certificate. You may use up to 100 -d domain entries. example.com is a placeholder for your own domain.
  • -m admin@example.com
    • The notification email address for this certificate (placeholder address shown).
  • --agree-tos
    • Agree to the terms of service.

Use certbot --help for more information. See the Certbot FAQ for more information about SAN certificates.

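Example: One-Click LAMP (Apache)

Run certbot for Apache, replacing the example.com placeholders and the email address with your own.

# certbot --apache --redirect -d example.com -d www.example.com -m admin@example.com --agree-tos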

Example: One-Click LEMP (Nginx)

  1. Before running certbot, make sure server_name is set properly. Edit your Nginx configuration:
    # nano /etc/nginx/conf.d/default.conf
  2. Update server_name to include your domain name (example.com is a placeholder).
    server {
        server_name example.com www.example.com;
  3. Save and exit the file.
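  4. Run certbot for Nginx, replacing the example.com placeholders and the email address with your own.
    # certbot --nginx --redirect -d example.com -d www.example.com -m admin@example.com --agree-tos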
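The server_name check from step 1, as an added example that is not part of the original tutorial: certbot's Nginx installer chooses the server block to modify by matching server_name against the -d domains, so this script lists any requested domain that no server_name directive names. The function names and the sample config are constructed for illustration, and only exact names are compared (wildcard and regex entries are not evaluated).

```bash
#!/bin/sh
# Added example: pre-flight check for the Nginx steps above.
# Function names are hypothetical; exact-name matching only
# (wildcard and regex server_name entries are not evaluated).

# list_server_names FILE
# Print every name from every server_name directive, one per line,
# lowercased. Comments are stripped; a directive may span several lines.
list_server_names() {
    sed 's/#.*//' "$1" | tr '\n' ' ' | tr ';{}' '\n\n\n' |
        awk '$1 == "server_name" { for (i = 2; i <= NF; i++) print tolower($i) }'
}

# missing_domains FILE DOMAIN...
# Print each DOMAIN not listed by any server_name directive.
# Returns 0 when every domain is covered, 1 otherwise.
missing_domains() {
    conf=$1
    shift
    names=$(list_server_names "$conf")
    rc=0
    for d in "$@"; do
        want=$(printf '%s' "$d" | tr '[:upper:]' '[:lower:]')
        if ! printf '%s\n' "$names" | grep -qxF -- "$want"; then
            printf '%s\n' "$d"
            rc=1
        fi
    done
    return "$rc"
}

# Demo on a constructed config; on the server, pass
# /etc/nginx/conf.d/default.conf and your real -d domains instead.
sample=$(mktemp)
cat > "$sample" <<'EOF'
server {
    listen 80;
    server_name example.com;   # www.example.com is not listed
}
EOF
if missing_domains "$sample" example.com www.example.com; then
    echo "server_name covers every domain"
else
    echo "add the names printed above to server_name, then run certbot" >&2
fi
rm -f "$sample"
```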

3. Verify Automatic Renewal

Let’s Encrypt certificates are valid for 90 days. The certbot wizard updates the systemd timers and crontab to automatically renew your certificate.

  1. Verify the timer is active.
    # systemctl list-timers | grep 'certbot\|ACTIVATES'
  2. Verify the crontab entry exists.
    # ls -l /etc/cron.d/certbot
  3. Verify the renewal process works with a dry run.
    # certbot renew --dry-run

Summary

Installing a free Let’s Encrypt certificate is simple with certbot. For more information, see the official certbot installation documentation.
