Installing let’s encrypt on your server using certbot

INSTALLING LET’S ENCRYPT ON YOUR UNMANAGED SERVER USING certbot

NOTE! This tutorial assumes you followed my tutorial Installing VPS/Dedicated server without cpanel to install your current server. Or that your current server is Debian 7

After logging into your server as root user, run the following commands.

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
apt-get install -y software-properties-common
apt-get install -y python-software-properties
apt-get update
apt-get update --fix-missing
echo 'deb http://ftp.debian.org/debian wheezy-backports main' | tee /etc/apt/sources.list.d/backports.list

(Note that each line is a separate command.)

The following commands are mostly useful if your RAM is less than 512 MB.

fallocate -l 1G /tmp/swapfile
chmod 600 /tmp/swapfile
mkswap /tmp/swapfile
swapon /tmp/swapfile

(Note that each line is a separate command.)

Now to install certificates on the domains on your server, run the following command.

/root/certbot-auto --apache (Select the domains you want to install ssl on during this process. When given an option whether to redirect, make sure to select option to allow redirect which should be option 2)

These two commands are necessary to turn swap of and remove swap file, that is if you used the swap option above for servers with less than 512 RAM.

swapoff /tmp/swapfile
rm /tmp/swapfile

(Note that each line is a separate command.)

Let’s make sure SSL is enabled on your server. Run this command.

a2enmod ssl

The below command might not be needed. Please visit the domain you installed SSL certificate on above in your browser. If the domain begins with https, then there is no need to run this command below.

nano /etc/apache2/sites-available/your-ssl-domain-here (Change ip to the domain name and change port to 443)

Let’s restart apache.

service apache2 restart

Let’s enable auto renewal. To do that, we have to test it first. Run the below command.

/root/certbot-auto renew --dry-run (Test automated renewal with this command. If this works, Then add auto renewal with the below code using cron)

If the above runs successfully, then lets add actual auto renewal using cron.
To edit your crontab file run this code: crontab -e

Paste the below code in a new line and save your crontab file:
17 8 * * * python -c 'import random; import time; time.sleep(random.random() * 3600)' && /root/certbot-auto renew

When you’ve saved the file and quit your editor you will see a message such as: crontab: installing new crontab

To later install SSL Certificate on single or multiple domain after previous successful installation of Let’s encrypt with certbot, run the below command:

Single domain (change yourdomain.com to your actual domain): /root/certbot-auto --apache -d yourdomain.com

or

Multiple ultiple domain (change yourdomain.com,example.com to your actual domains): /root/certbot-auto --apache -d yourdomain.com,example.com

To delete SSL Certificate from any domain, run the below command and select the domain your want to delete:

/root/certbot-auto delete

Leave a Reply