Step 1 – Installing Certbot
Certbot is a tool to obtain certificates from Let’s Encrypt and configure on your web server. Snap package is the easist way for installing certbot on Ubuntu system.
Open a terminal and execute below command to install certbot:
sudo snap install --classic certbot
Step 2 – Generate SSL Certificate
Apache – The systems running Apache web server, execute the following command. This will list all the domains/sub-domains configured on your web server. Select appropriate numbers to request certificate.
sudo certbot --apache
Nginx – For the systems running Nginx web server, use below command to request for the SSL certificates.
sudo certbot --nginx
Other Web Server – For the system having any other web servers running except Apache or Nginx. Then you can get the certificate only and configure them manually.
This command will ask you for domain name and document root for the domain.
sudo certbot certonly --webroot
No Web Server – The systems have no web server running, can also request a ssl certificate. Below command will ask your for the domain name and start a temporary web server on port 80 to complete the verification.
sudo certbot certonly --standalone
In all of the above cases, the domain must be pointed to your server from DNS. Also insure that /.well-known/acme-challenge are served by the webserver.
Step 3 – Renew SSL Certificate
Let’s encrypt certificates are issues for 3 months only. You can renew certificate before 30 days of expiry. Certbot allows you a hassle free renewal just by running a single command.
Run the below command to renew all the certificates on that system.
sudo certbot renew
You can also run a dry run without actual renewal. This will help you to test if SSL renewal perform well.
sudo certbot renew --dry-run