Introduction
Securing your website with SSL (Secure Sockets Layer) is essential for data encryption, improved search engine rankings, and user trust. Let’s Encrypt provides free SSL certificates, making it easy to secure your site without additional costs. In this guide, you’ll learn how to set up Let’s Encrypt SSL on both Apache and NGINX web servers, along with configuring auto-renewal scripts to ensure your certificates never expire unexpectedly.
This step-by-step guide covers installation, configuration, and automation for hassle-free SSL management.
Prerequisites
Before we begin, ensure you have:
- A Linux server (Ubuntu 22.04 preferred)
- Root or sudo privileges
- A registered domain name pointing to your server’s IP
- Apache or NGINX installed and running
Step 1: Install Certbot
Certbot is a command-line tool that automates the process of obtaining and renewing SSL certificates from Let’s Encrypt.
Update the package list:
sudo apt update
Install Certbot and the necessary plugins for Apache and NGINX:
sudo apt install certbot python3-certbot-apache python3-certbot-nginx -y
Step 2: Obtain SSL Certificates for Apache
To secure your website running on Apache, use the following command:
sudo certbot --apache -d yourdomain.com -d www.yourdomain.com
Certbot will:
- Detect your Apache configuration
- Obtain the SSL certificate from Let’s Encrypt
- Automatically configure SSL for your site
Follow the interactive prompts to:
- Choose between redirecting HTTP to HTTPS (recommended)
- Confirm the SSL installation
Verify SSL Installation:
After installation, restart Apache:
sudo systemctl restart apache2
Visit https://yourdomain.com to confirm SSL is active.
Step 3: Obtain SSL Certificates for NGINX
For NGINX, the process is similar:
sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com
Certbot will automatically detect your NGINX configuration and adjust it to support SSL. Choose the option to redirect HTTP to HTTPS when prompted.
Verify SSL Installation:
Restart NGINX:
sudo systemctl restart nginx
Open https://yourdomain.com in your browser to verify SSL is working.
Step 4: Automate SSL Certificate Renewal
Let’s Encrypt certificates are valid for 90 days. Fortunately, Certbot makes auto-renewal easy.
Check Renewal Process:
Run this command to simulate the renewal process:
sudo certbot renew --dry-run
If the test completes successfully, auto-renewal is working correctly.
Set Up Auto-Renewal with Crontab:
Although Certbot installs a systemd timer by default, you can add an extra layer of automation with a cron job.
sudo crontab -e
Add the following line to renew SSL certificates twice a day:
0 0,12 * * * /usr/bin/certbot renew --quiet
Explanation:
- 0 0,12 * * *: Runs at midnight and noon daily.
- --quiet: Suppresses output unless an error occurs.
Step 5: Custom Auto-Renewal Script (Optional)
For advanced automation, you can create a custom script to renew SSL and reload the web server automatically.
Create the Script:
sudo nano /usr/local/bin/ssl-renew.sh
Insert the following:
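#!/bin/bash
# Renew any certificates that are close to expiry; print nothing unless an error occurs
certbot renew --quiet
# Reload only the web server that is actually running so it picks up renewed certificates
systemctl is-active --quiet apache2 && systemctl reload apache2
systemctl is-active --quiet nginx && systemctl reload nginx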
Make the script executable:
sudo chmod +x /usr/local/bin/ssl-renew.sh
Schedule the Script:
sudo crontab -e
Add the cron job:
0 1 * * * /usr/local/bin/ssl-renew.sh
This runs the script daily at 1 AM, renewing SSL certificates and reloading Apache/NGINX if necessary.
Step 6: Troubleshooting SSL Issues
- Check SSL Status:
sudo certbot certificates
- Manually Renew Certificates:
sudo certbot renew
- Check Renewal Logs:
sudo less /var/log/letsencrypt/letsencrypt.log
Security Best Practices
- Regularly update Certbot:
sudo apt update && sudo apt upgrade certbot -y
- Enable strong SSL protocols and ciphers in your web server configuration.
- Monitor SSL expiration with external tools like SSL Online Tools.
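An added example (not part of the original guide): a local expiry check to run alongside the renewal job, so a silently failing renewal is noticed before the certificate lapses. It assumes GNU date and openssl are installed; the function names, the file name in the comment and the 20-day warning threshold are illustrative choices, the threshold picked to sit below the 30 days remaining at which Certbot by default starts renewing a 90-day certificate.

```shell
#!/bin/sh
# Added example: flag certificates that a working renewal job should already have replaced.
# Assumes GNU date (for -d) and openssl; names and the 20-day default are illustrative.

# cert_status NOT_AFTER NOW_EPOCH [WARN_DAYS]
#   NOT_AFTER: the text after "notAfter=" in `openssl x509 -noout -enddate` output
#   Prints "<STATUS> <whole days left>"; returns 0 for OK, 1 for a problem, 2 if unparseable.
cert_status() {
    cs_end=$(date -u -d "$1" +%s 2>/dev/null) || { echo "UNPARSEABLE"; return 2; }
    cs_secs=$(( cs_end - $2 ))
    cs_days=$(( cs_secs / 86400 ))
    if [ "$cs_secs" -le 0 ]; then
        echo "EXPIRED $cs_days"; return 1
    elif [ "$cs_days" -lt "${3:-20}" ]; then
        echo "RENEWAL_OVERDUE $cs_days"; return 1
    fi
    echo "OK $cs_days"
}

# check_host HOST [WARN_DAYS]: read notAfter from the certificate the server actually serves
check_host() {
    ch_end=$(echo | openssl s_client -servername "$1" -connect "$1:443" 2>/dev/null \
        | openssl x509 -noout -enddate 2>/dev/null | cut -d= -f2)
    [ -n "$ch_end" ] || { echo "NO_CERT"; return 2; }
    cert_status "$ch_end" "$(date +%s)" "${2:-20}"
}

# Run as: ./cert-check.sh yourdomain.com   (hypothetical file name; no arguments = no action)
[ "$#" -eq 0 ] || check_host "$@"
```

When scheduled from cron, the printed status and the non-zero exit code can feed whatever alerting you already use.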
Conclusion
You’ve successfully secured your website with Let’s Encrypt SSL on Apache and NGINX. Automating the renewal process ensures continuous protection without manual intervention. Regular monitoring, along with proper server configurations, will help maintain a secure environment for your website visitors.