Let’s Encrypt is an automated and open certificate authority (CA) operated by the Internet Security Research Group (ISRG) and founded by the Electronic Frontier Foundation (EFF), the Mozilla Foundation and others. It offers free SSL/TLS certificates, which are commonly used to encrypt communications for security and privacy purposes, with the most notable use case being HTTPS. Let’s Encrypt relies on the Automatic Certificate Management Environment (ACME) protocol to issue, revoke, and renew certificates.
Certbot is a free and open source utility primarily used for managing SSL/TLS certificates from the Let’s Encrypt certification authority.
Requirements: A registered domain name with an A record pointing to your IPv4 address and root shell access to a Debian based machine.
Step 1: Installing Snapd.
# apt install snapd && snap install core
Step 2: Installing Certbot snap package.
# snap install --classic certbot
Step 3: Run following command to verify that the certbot command is executable:
# ln -s /snap/bin/certbot /usr/bin/certbot
Step 4: Run Certbot with the webserver you are using specified:
# FOR NGINX
# certbot --nginx
# FOR APACHE
# certbot --apache
The Certbot packages installed on your system include a cron job or systemd timer. These automatically renew your certificates before expiration, eliminating the need for manual intervention unless your configuration changes. To confirm automatic renewal functionality, you can execute the following command:
# certbot renew --dry-run
Step 5: To verify the correct setup of your site, open your browser and navigate to "https://yoursite.tld/", instead of "http://yoursite.tld/". Check for the presence of a lock icon in the URL bar.