Learn Quickly Get LetsEncrypt Certificates for Apache2 on Ubuntu 17.04 /17.10

This brief tutorial shows students and new users how to quickly obtain LetEncrypt SSL/TLS certificates for your domain using Apache2 webserver on Ubuntu 17.04 / 17.10 systems. For those who don’t know, LetEncrypt is an opensource initiative to provide free SSL certificates to anyone with valid domains.

With LetEncrypt, you will never have to pay for another SSL/TLS certificate again. This post you’re ready today is encrypted via LetEncrypt and renewed every 60 days automatically.

So, if you’re running Ubuntu 17.04 / 17.10 with Apache2 installed, follow the steps below to get a free SSL/TLS certificates for your domains.

Step 1: Get Ubuntu / Apache2

This post assumes that you already have Ubuntu server with Apache2 webserver installed. If not, search this blog to find tutorials on installing Ubuntu and Apache2.

Or run the commands below to install Apache2

sudo apt-get install apache2

After installing Apache2, the commands below can be used to stop, start and enable Apache2 to always startup when the server boots.

sudo systemctl stop apache2.service sudo systemctl start apache2.service sudo systemctl enable apache2.service 

Step 2: Installing LetEncrypt SSL/TLS Management Package

On Ubuntu systems, simply run the commands below to get LetEncrypt package. The package can then be used to obtain certificates for your domains.

sudo apt-get install python-certbot-apache

After running the commands above, your system should be ready to obtain certificates. But before you run the commands to obtain certificates, verify that the your domain name is setup in Apache2.

Step 3: Obtaining LetsEncrypt Certificates

To obtain LetEncrypt SSL/TLS certificates, run the commands to open Apache2 configuration file and add the domain names directives.

sudo nano /etc/apache2/sites-available/000-default.conf

Then verify that these lines are included

ServerName       example.com ServerAlias      www.example.com 

After verifying that information, run the commands below to obtain your certificates.

sudo certbot --apache -m [email protected] -d example.com -d www.example.com

Replacing www.exmaple.com and example.com with your domain name.

When you run the commands above, you must accept the terms.. Type A to accept.

Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf. You must agree in order to register with the ACME server at https://acme-v01.api.letsencrypt.org/directory ------------------------------------------------------------------------------- (A)gree/(C)ancel: A 

You may also want to share your email with the Electronic Frontier Foundation..

Would you be willing to share your email address with the Electronic Frontier Foundation, a founding partner of the Let's Encrypt project and the non-profit organization that develops Certbot? We'd like to send you email about EFF and our work to encrypt the web, protect its users and defend digital rights. ------------------------------------------------------------------------------- (Y)es/(N)o: Y  

Now all you do is sit back and relax.. LetsEncrypt will install and configure Apache2 with a valid SSL/TLS certificate. To correctly Apache2 up to handle all redirects to HTTPS, select option #2

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access. ------------------------------------------------------------------------------- 1: No redirect - Make no further changes to the webserver configuration. 2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for new sites, or if you're confident your site works on HTTPS. You can undo this change by editing your web server's configuration. ------------------------------------------------------------------------------- Select the appropriate number [1-2] then [enter] (press 'c' to cancel):2 

This is how easy it is to setup LetEncrypt SSL/TLS for Apache2 on Ubuntu 17.04 / 17.10 systems.

IMPORTANT NOTES:  - Congratulations! Your certificate and chain have been saved at:    /etc/letsencrypt/live/example.com/fullchain.pem    Your key file has been saved at:    /etc/letsencrypt/live/example.com/privkey.pem    Your cert will expire on 2018-02-24. To obtain a new or tweaked    version of this certificate in the future, simply run certbot again    with the "certonly" option. To non-interactively renew *all* of    your certificates, run "certbot renew"  - Your account credentials have been saved in your Certbot    configuration directory at /etc/letsencrypt. You should make a    secure backup of this folder now. This configuration directory will    also contain certificates and private keys obtained by Certbot so    making regular backups of this folder is ideal.  - If you like Certbot, please consider supporting our work by:    Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate    Donating to EFF:                    https://eff.org/donate-le 

To get setup a process to automatically renew the certificates, add a cron job to execute the renewal process.

sudo crontab -e

Then add the line below and save.

0 1 * * * /usr/bin/certbot renew & > /dev/null

The cron job will attempt to renew 30 days before expiring.


This post shows students and new users how to easily install and obtain LetEncrypt SSL certificates for Apache2 on Ubuntu system. After setting it up, you’ll never have to pay for certificates again.


You may also like the post below:

Installing Nginx, MariaDB and PHP (LEMP) on Ubuntu 17.04 / 17.10

Leave a Reply