Dev ❤ Ops
Dev ❤ Ops
Blog DevOps DevSecOps Linux Security

How to Get a Free SSL Certificate from Let’s Encrypt CLI

by |Published
Free SSL Certificate from Let's Encrypt CLI

Introduction

Securing your website with an SSL certificate is essential for protecting your users’ sensitive data and maintaining their trust. One popular and cost-effective option for obtaining an SSL certificate is Let’s Encrypt, which provides free, automated SSL certificates through their CLI (command-line interface). In this article, we will guide you through the process of getting a free SSL certificate from Let’s Encrypt CLI using a tool called Certbot.

Step 1: Install Certbot

Certbot is an easy-to-use client that helps you acquire and manage SSL certificates from Let’s Encrypt. To install Certbot, follow the instructions below, depending on your operating system:

Ubuntu/Debian systems:

sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository universe
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install certbot

CentOS/RHEL systems:

sudo yum install epel-release
sudo yum install certbot

For other systems, please check the official Certbot documentation: https://certbot.eff.org/docs/install.html

Step 2: Obtain the SSL Certificate

To obtain a certificate for your domain, use the following command, replacing yourdomain.com with your actual domain name:

sudo certbot certonly --standalone -d yourdomain.com -d www.yourdomain.com

Certbot will automatically perform a challenge to verify domain ownership and request the SSL certificate. If successful, the certificate and key files will be stored in /etc/letsencrypt/live/yourdomain.com/.

Step 3: Configure Your Web Server

You’ll need to configure your web server to use the SSL certificate. The exact process depends on your web server (Apache, Nginx, etc.). Check the Certbot documentation for instructions specific to your web server: https://certbot.eff.org/docs/using.html#where-are-my-certificates

Step 4: Set Up Automatic Renewal

Let’s Encrypt certificates are valid for 90 days. To automatically renew your certificates before they expire, set up a cron job or systemd timer. For example, you can add the following line to your /etc/crontab file:

0 3 * * * root certbot renew --quiet

This will attempt to renew your certificates daily at 3 AM if they are within 30 days of expiration.

Conclusion

By following these simple steps, you can easily obtain a free SSL certificate from Let’s Encrypt CLI using Certbot. Not only will you secure your website and protect user data, but you’ll also improve your search engine ranking, as SSL certificates are now a crucial factor in SEO. Remember to keep your certificates updated by setting up automatic renewal, and enjoy the benefits of a secure and trustworthy online presence.

More from Let’s Encrypt

Let’s Encrypt is a powerful and versatile tool for managing SSL certificates. In addition to obtaining free SSL certificates, you can use Let’s Encrypt for various tasks such as:

Wildcard SSL Certificates

Let’s Encrypt also offers free wildcard SSL certificates, which cover all subdomains of a domain with a single certificate. To obtain a wildcard SSL certificate, use the following command:

sudo certbot certonly --manual --preferred-challenges dns -d "*.yourdomain.com"

You will need to create a DNS TXT record for domain validation during this process.

Expanding Existing Certificates

If you need to add more domains or subdomains to an existing certificate, you can use the –expand flag. For example:

sudo certbot certonly --expand -d yourdomain.com,www.yourdomain.com,newsubdomain.yourdomain.com

This command will replace the existing certificate with a new one that includes the additional domain(s).

Revoking SSL Certificates

If you need to revoke an SSL certificate, you can use the revoke command:

If you need to revoke an SSL certificate, you can use the revoke command:

After revoking a certificate, you should also delete it:

sudo certbot delete --cert-name yourdomain.com

Viewing Certificate Information

To view information about your installed certificates, such as their expiration dates, use the certificates command:

sudo certbot certificates

Testing Certificate Renewal

You can test the renewal process for your certificates using the renew command with the –dry-run flag:

sudo certbot renew --dry-run

This command will simulate the renewal process without making any actual changes.

Configuring Web Server Plugins

Certbot supports various web server plugins that can automate the process of obtaining and installing SSL certificates. Some popular plugins include:

certbot-apache: Apache plugin
certbot-nginx: Nginx plugin

To install a plugin, use the package manager for your operating system (e.g., apt-get or yum). Once installed, you can obtain and install a certificate with a single command:

sudo certbot --apache -d yourdomain.com -d www.yourdomain.com

Replace --apache with --nginx if you are using Nginx.

These are just a few of the many tasks you can accomplish with Let’s Encrypt and Certbot. The official documentation (https://certbot.eff.org/docs/) provides more information and advanced usage examples.

You May Also Like: Create a QR Code from Text or URL

Follow us on LinkedIn for updates!

AUTHOR

Pradeep Pandey
Certified Kubernetes Administrator (CKA), Certified Kubernetes Application Developer (CKAD), Certified Kubernetes Security Specialist (CKS), Google Cloud Certified - Cloud DevOps Engineer, Google Cloud Certified - Professional Cloud Architect, Certified OpenStack Administrator (COA), Red Hat Certified System Administrator (RHCSA), Red Hat Certified Engineer (RHCE).

You may also like

Published

Tuples in Python

Tuples in Python are similar to lists, but they are immutable, meaning that their values cannot be changed after they are created. […]

Published

First Python Program

To write your first Python program, you will need a text editor or an Integrated Development Environment (IDE). Some popular IDEs for […]

Leave a comment

Your email address will not be published. Required fields are marked *