How to Install Let's Encrypt (CentOS/Debian/Ubuntu) Print

  • ssl, let's encrypt, how to install, vps
  • 0

This tutorial will show you on how to install a Let's Encrypt on your Ubuntu, Debian or CentOS VPS.


A Linux VPS


Update your server's software


sudo yum update && sudo yum upgrade

Debian / Ubuntu

sudo apt update && sudo apt upgrade

Download and Install Let’s Encrypt


sudo yum install git

Debian / Ubuntu

sudo apt-get install git

Create an SSL Certificate

Let’s Encrypt automatically performs Domain Validation (DV) using a series of challenges. The Certificate Authority (CA) uses challenges to verify the authenticity of your computer’s domain. Once your Linode has been validated, the CA will issue SSL certificates to you.

  1. Run Let’s Encrypt with the --standalone parameter. For each additional domain name requiring a certificate, add -d to the end of the command.

    sudo -H ./letsencrypt-auto certonly --standalone -d -d
    Let’s Encrypt does not deploy wildcard certificates. Each subdomain requires its own certificate.
  2. When prompted, specify an administrative email address. This will allow you to regain control of a lost certificate and receive urgent security notices if necessary. Press ENTER or RETURN to save.

  3. Agree to the Terms of Service and specify if you would like to share your email address with EFF.

Check Certificate Domains

The output of the Let’s Encrypt script shows where your certificate is stored; in this case, /etc/letsencrypt/live:

sudo ls /etc/letsencrypt/live

All of the domains you specified above will be covered under this single certificate. This can be verified as follows:

./certbot-auto certificates

Update Let’s Encrypt

  1. Return to the /opt/letsencrypt directory:

    cd /opt/letsencrypt
  2. Download any changes made to Let’s Encrypt since you last cloned or pulled the repository, effectively updating it:

    sudo git pull


Automatically Renew SSL Certificates (Optional)

You can also automate certificate renewal. This will prevent your certificates from expiring, and can be accomplished with cron.

  1. The output of the previous command shows how to non-interactively renew all of your certificates:

    ./letsencrypt-auto renew
  2. Set this task to run automatically once per month using a cron job:

    sudo crontab -e

    Add the following line to the end of the crontab file:

    0 0 1 * * /opt/letsencrypt/letsencrypt-auto renew

Automatically Update Let’s Encrypt (Optional)

You can also use cron to keep the letsencrypt-auto client up to date.

sudo crontab -e
0 0 1 * * cd /opt/letsencrypt && git pull

For more information visit:

Was this answer helpful?

« Back

Powered by WHMCompleteSolution