How to Install Let's Encrypt (CentOS/Debian/Ubuntu)

This tutorial will show you on how to install a Let's Encrypt on your Ubuntu, Debian or CentOS VPS.

Requirements

A Linux VPS

 

Update your server's software

CentOS

sudo yum update && sudo yum upgrade

Debian / Ubuntu

sudo apt update && sudo apt upgrade


Download and Install Let’s Encrypt

CentOS

sudo yum install git

Debian / Ubuntu

sudo apt-get install git


Create an SSL Certificate

Let’s Encrypt automatically performs Domain Validation (DV) using a series of challenges. The Certificate Authority (CA) uses challenges to verify the authenticity of your computer’s domain. Once your Linode has been validated, the CA will issue SSL certificates to you.

  1. Run Let’s Encrypt with the --standalone parameter. For each additional domain name requiring a certificate, add -d example.com to the end of the command.

    sudo -H ./letsencrypt-auto certonly --standalone -d example.com -d www.example.com
    
    Note
    Let’s Encrypt does not deploy wildcard certificates. Each subdomain requires its own certificate.
  2. When prompted, specify an administrative email address. This will allow you to regain control of a lost certificate and receive urgent security notices if necessary. Press ENTER or RETURN to save.

  3. Agree to the Terms of Service and specify if you would like to share your email address with EFF.



Check Certificate Domains

The output of the Let’s Encrypt script shows where your certificate is stored; in this case, /etc/letsencrypt/live:

sudo ls /etc/letsencrypt/live

All of the domains you specified above will be covered under this single certificate. This can be verified as follows:

./certbot-auto certificates


Update Let’s Encrypt

  1. Return to the /opt/letsencrypt directory:

    cd /opt/letsencrypt
    
  2. Download any changes made to Let’s Encrypt since you last cloned or pulled the repository, effectively updating it:

    sudo git pull
    

 

Automatically Renew SSL Certificates (Optional)

You can also automate certificate renewal. This will prevent your certificates from expiring, and can be accomplished with cron.

  1. The output of the previous command shows how to non-interactively renew all of your certificates:

    ./letsencrypt-auto renew
    
  2. Set this task to run automatically once per month using a cron job:

    sudo crontab -e
    

    Add the following line to the end of the crontab file:

    crontab
    0 0 1 * * /opt/letsencrypt/letsencrypt-auto renew
     

Automatically Update Let’s Encrypt (Optional)

You can also use cron to keep the letsencrypt-auto client up to date.

 
sudo crontab -e
crontab
0 0 1 * * cd /opt/letsencrypt && git pull

For more information visit: letsencrypt.org
  • ssl, let's encrypt, how to install, vps
  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

Iptables SSH brute-force protection

Some iptables rules that are useful to increase the overall security of a Linux server. #SSH...

Iptables Anti-DDoS Rules

You can use the below iptables ruleset for additional DDoS protection of your Linux server. #Drop...

How to Install SSHGuard (Ubuntu/CentOS)

This tutorial will show you on how to install SSHGuard on your Ubuntu or CentOS VPS....

How to Install Fail2Ban (Ubuntu/CentOS)

This tutorial will show you on how to install Fail2Ban on your Ubuntu or CentOS VPS....

How to Install WordPress on a VPS

This tutorial will show you on how to install WordPress on your Ubuntu or Debian VPS....

Powered by WHMCompleteSolution