How to issue a free SSL certificate for your site using let's encrypt - apache - nginx - docker

Many of you are here because you are hosting a website that is insecure. By insecure, we simply mean that it doesn’t send and receive traffic to and from the server in a secure way. SSL (Secure Sockets Layer) is a protocol that ensures communication between a client browser and the server is encrypted. This way you can prevent anyone from reading the data being transmitted.
One of the core benefits of this is that customers using your website can trust that the data they enter on it will travel safely.

There are many providers who authenticate your identity and provide SSL certificates for your site. In this article, we will look at one such free provider, Let’s Encrypt.

Let’s Encrypt provides a free SSL Certificate for your website, with 3 months validity. After 3 months, you can renew it automatically for free.

Let’s see 3 ways by which you can get SSL for your website using Let’s Encrypt

  1. Apache
  2. NGINX
  3. Docker

Apache

1. Install Certbot

If you have installed Apache on your server and you are using a Linux system, follow the steps below to install Certbot, the client for Let’s Encrypt

sudo apt update
sudo apt install -y certbot
# Apache plugin for Certbot (named python-certbot-apache on older releases)
sudo apt install -y python3-certbot-apache

Certbot is a client tool, maintained by the EFF, that will help us get certificates from Let’s Encrypt.

2. Issue an SSL Certificate

Run one of the commands below to issue an SSL certificate for your website

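# 1st command: get the certificate and let Certbot configure Apache
sudo certbot --apache
# 2nd command: get the certificate only
sudo certbot certonly --apache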

Here, the 1st command

  • will get SSL certificates for your website and change the Apache configuration to allow HTTPS for your site.
  • In this step, you don’t need to do anything after the SSL certificates are fetched. It will automatically add the configuration in Apache and restart the web server

While the 2nd command

  • will only get you the SSL certificates, and afterward you need to modify the Apache configuration files to use those certificates

When using the `--apache` flag, Certbot will give you SSL certificates in a format that Apache accepts, so you won’t need to restructure them. If you are using any other web server, find the appropriate flag and use it

PS: In general, Apache uses a certificate PEM file and a key file

3. Provide Details

You need to provide the details below

  1. Email address – used for renewal and certificate expiration notices
  2. Agree to the Terms and Conditions
  3. You are asked to choose whether you want to share your email ID with the EFF for news, campaigns etc.
  4. If you already have a domain name written in the configuration file, it will ask you to choose which domain you need an SSL certificate for; if none are configured, you can enter the domain name now
    1. for multiple SSL certificates for multiple domains, add them as comma-separated values
    2. for a wildcard, add * (Let’s Encrypt validates wildcard names only through a DNS challenge, not through the file-based check described below)

Now, if your domain is mapped correctly and your working directory is writable, Let’s Encrypt will try to put one file in that location to verify your identity.

If everything goes well, you will find the SSL certificates in the /etc/letsencrypt directory

NGINX

1. Install Certbot

If you have installed NGINX on your server and you are using a Linux system, follow the steps below to install Certbot, the client for Let’s Encrypt

sudo apt update
sudo apt install -y certbot
# NGINX plugin for Certbot (named python-certbot-nginx on older releases)
sudo apt install -y python3-certbot-nginx

Certbot is a client tool, maintained by the EFF, that will help us get certificates from Let’s Encrypt.

2. Issue an SSL Certificate

Run one of the commands below to issue an SSL certificate for your website

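# 1st command: get the certificate and let Certbot configure NGINX
sudo certbot --nginx
# 2nd command: get the certificate only
sudo certbot certonly --nginx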

Here, the 1st command

  • will get SSL certificates for your website and change the NGINX configuration to allow HTTPS for your site.
    • You can even choose to add a redirection from HTTP to HTTPS; Certbot will do that configuration
  • In this step, you don’t need to do anything after the SSL certificates are fetched. It will automatically add the configuration in NGINX and restart the web server

While the 2nd command

  • will only get you the SSL certificates, and afterward you need to modify the NGINX configuration files to use those certificates

3. Provide Details

You need to provide the details below

  1. Email address – used for renewal and certificate expiration notices
  2. Agree to the Terms and Conditions
  3. You are asked to choose whether you want to share your email ID with the EFF for news, campaigns etc.
  4. If you already have a domain name written in the configuration file, it will ask you to choose which domain you need an SSL certificate for; if none are configured, you can enter the domain name now
    1. for multiple SSL certificates for multiple domains, add them as comma-separated values
    2. for a wildcard, add * (Let’s Encrypt validates wildcard names only through a DNS challenge, not through the file-based check described below)

Now, if your domain is mapped correctly and your working directory is writable, Let’s Encrypt will try to put one file in that location to verify your identity.

If everything goes well, you will find the SSL certificates in the /etc/letsencrypt directory

Docker

1. Pull Certbot Image

If you have installed Docker on your server, pull the latest Docker image for Certbot

docker pull certbot/certbot:latest

Certbot is a client tool, maintained by the EFF, that will help us get certificates from Let’s Encrypt.

2. Prepare docker parameters

When running the Docker container to obtain the SSL certificate, we need to give it access to the directory where the site’s code lives and to the directories where Let’s Encrypt can store the obtained SSL certificate, because the container is destroyed once the certificate is issued

  1. Let’s Encrypt root directory to store SSL Certificates
    • /etc/letsencrypt
  2. To map let’s encrypt libraries
    • /var/lib/letsencrypt
  3. Code directory
    • System – /usr/share/nginx/html or /var/www/html
    • Container’s – /data/letsencrypt
  4. To store log
    • /var/log/letsencrypt
  5. Domain name
    • abc.xyz.com
  6. Email ID
    • sample-email@example.com

3. Issue SSL Certificate

For one domain, use this command

sudo docker run -it --rm --name certbot \
            -v "/etc/letsencrypt:/etc/letsencrypt" \
            -v "/var/lib/letsencrypt:/var/lib/letsencrypt" \
            -v "/usr/share/nginx/html/:/data/letsencrypt" \
            -v "/var/log/letsencrypt:/var/log/letsencrypt" \
            certbot/certbot certonly \
            --expand \
            --webroot \
            -d abc.xyz.com \
            --agree-tos \
            --webroot-path=/data/letsencrypt \
            --email sample-email@example.com

For multiple domains, use the command below

sudo docker run -it --rm --name certbot \
            -v "/etc/letsencrypt:/etc/letsencrypt" \
            -v "/var/lib/letsencrypt:/var/lib/letsencrypt" \
            -v "/usr/share/nginx/html/:/data/letsencrypt" \
            -v "/var/log/letsencrypt:/var/log/letsencrypt" \
            certbot/certbot certonly \
            --expand \
            --webroot \
            -d abc.xyz.com \
            -d def.xyz.com \
            --agree-tos \
            --webroot-path=/data/letsencrypt \
            --email sample-email@example.com

Now, if your domain is mapped correctly and your working directory is writable, Let’s Encrypt will try to put one file in that location to verify your identity.

If everything goes well, you will find the SSL certificates in the /etc/letsencrypt directory
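
A check worth running once the certificates are in /etc/letsencrypt, in particular after a certonly run and before pointing Apache or NGINX at the files. This is an added example, not part of the original article or of Certbot; it assumes Certbot’s standard layout of /etc/letsencrypt/live/<domain>/ holding fullchain.pem and privkey.pem, that openssl is installed, and check_cert_dir is a hypothetical helper name.

```bash
#!/usr/bin/env bash
# Added example: sanity-check a Certbot certificate directory before use.
# Assumes Certbot's usual file names (fullchain.pem, privkey.pem) and openssl.

# check_cert_dir DIR [MIN_DAYS]
# Prints one line per finding. Returns 0 if every check passes,
# 1 if a check fails, 2 if the expected files are missing.
check_cert_dir() {
    local dir="$1" min_days="${2:-30}" rc=0
    local cert="$dir/fullchain.pem" key="$dir/privkey.pem"
    local cert_pub key_pub

    if [ ! -r "$cert" ] || [ ! -r "$key" ]; then
        echo "FAIL: fullchain.pem or privkey.pem missing in $dir"
        return 2
    fi

    # 1. The private key must not be readable by group or others.
    #    -L follows Certbot's symlinks from live/ into archive/.
    if [ -n "$(find -L "$key" \( -perm -040 -o -perm -004 \))" ]; then
        echo "FAIL: $key is readable by group or others"
        rc=1
    fi

    # 2. The leaf certificate and the private key must be one key pair:
    #    compare the public key extracted from each.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: certificate and private key do not match"
        rc=1
    fi

    # 3. The certificate must stay valid for at least MIN_DAYS more days.
    if ! openssl x509 -in "$cert" -noout \
            -checkend $((min_days * 86400)) >/dev/null 2>&1; then
        echo "FAIL: certificate expires within $min_days days"
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $dir"
    return "$rc"
}

# Usage on a real host, as root (abc.xyz.com is the article's sample domain):
#   check_cert_dir /etc/letsencrypt/live/abc.xyz.com 30
```

Run it from cron with the default 30-day threshold to catch a renewal that has silently stopped working before the 3-month validity runs out.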

Drafted On,
22nd January 2022
DevOps @identicalCloud.com
