Let’s Encrypt is a free, automated, and open certificate authority (CA) that provides domain-validated certificates for websites. It is a great way to secure your website with HTTPS and improve its performance, security, and SEO.
In this blog post, I will show you how to install and configure Let’s Encrypt with Apache on Debian 11. The steps are similar for other Linux distributions and web servers.
Prerequisites
Before you begin, you will need:
- A domain name that points to your server’s IP address. For example, example.com.
- A server running Debian 11 with Apache installed and configured. You can follow this guide to set up Apache on Debian 11.
- A sudo user account on your server.
- A virtual host file for your domain in /etc/apache2/sites-available/. For example, example.com.conf. You can follow this guide to create a virtual host file for your domain.
Step 1: Installing Certbot
The first step to using Let’s Encrypt to obtain an SSL certificate is to install the Certbot software on your server. Certbot is a tool that automates the process of obtaining and renewing certificates from Let’s Encrypt.
To install Certbot on Debian 11, run the following commands:
sudo apt update
sudo apt install python3-certbot-apache
This will install Certbot and its Apache plugin, which will help you configure Apache to use the certificate.
Step 2: Obtaining a Certificate
To obtain a certificate from Let’s Encrypt using Certbot, run the following command:
sudo certbot --apache -d example.com -d www.example.com
Replace example.com and www.example.com with your domain name and any subdomains you want to include in the certificate. You can specify multiple domains by using the -d option multiple times.
You will be asked to provide some information, such as your email address and whether you want to redirect HTTP traffic to HTTPS. You will also need to agree to the terms of service and optionally share your email with the Electronic Frontier Foundation (EFF).
If everything goes well, you should see a message like this:
Congratulations! You have successfully enabled https://example.com and https://www.example.com
You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=example.com
https://www.ssllabs.com/ssltest/analyze.html?d=www.example.com
This means that Certbot has obtained a certificate for your domain and configured Apache to use it. You can verify that by visiting your website using HTTPS or by using an online tool like SSL Labs.
Step 3: Renewing the Certificate
Let’s Encrypt certificates are valid for 90 days, so you need to renew them before they expire. Certbot can automatically renew your certificates for you by running a cron job or a systemd timer.
To check if the automatic renewal is enabled, run the following command:
sudo systemctl status certbot.timer
You should see something like this:
● certbot.timer - Run certbot twice daily
Loaded: loaded (/lib/systemd/system/certbot.timer; enabled; vendor preset: enabled)
Active: active (waiting) since Fri 2022-12-17 12:34:56 UTC; 1h 23min ago
Trigger: Sat 2022-12-18 00:00:00 UTC; 10h left
Triggers: ● certbot.service
Dec 17 12:34:56 debian systemd[1]: Started Run certbot twice daily.
This means that the certbot.timer is enabled and will run the certbot.service twice a day to check for expiring certificates and renew them if necessary.
You can also manually test the renewal process by running the following command:
sudo certbot renew --dry-run
This will perform a trial run of the renewal without making any changes. You should see a message like this:
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates below have not been saved.)
Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/example.com/fullchain.pem (success)
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates above have not been saved.)
This means that the renewal process works as expected, so the timer should be able to renew your certificates before they expire.
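A dry run only shows that renewal works today, so it helps to also watch the remaining validity of the installed certificates. The following script is an added example, not part of the original post: it reads the listing printed by `certbot certificates` and reports any certificate below a chosen number of days. The function names, the 20-day threshold, and the sample listing are assumptions made for illustration, and the listing layout may differ between Certbot versions.

```sh
#!/bin/sh
# Added example: flag certificates that the renewal timer has failed to renew.
# Reads the text printed by `certbot certificates` on stdin.

# Print "<name> <days>" for each certificate with fewer than $1 days left,
# or "<name> invalid" when certbot reports it as INVALID (expired, revoked...).
stale_certs() {
    awk -v min="$1" '
        /Certificate Name:/ { name = $3 }
        /Expiry Date:/ {
            if ($0 ~ /\(VALID: [0-9]+ day/) {
                days = $0
                sub(/.*\(VALID: /, "", days)   # drop everything before the number
                sub(/ day.*/, "", days)        # drop " days)" after it
            } else if ($0 ~ /\(VALID: [0-9]+ hour/) {
                days = 0                       # less than one day left
            } else {
                print name " invalid"
                next
            }
            if (days + 0 < min + 0) print name " " days
        }
    '
}

# Succeeds only when no certificate is below the threshold.
renewal_ok() {
    [ -z "$(stale_certs "$1")" ]
}

# Constructed sample listing (not real output from any server).
sample_listing() {
    cat <<'EOF'
Found the following certs:
  Certificate Name: example.com
    Domains: example.com www.example.com
    Expiry Date: 2023-03-17 11:34:56+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/example.com/fullchain.pem
  Certificate Name: old.example.com
    Domains: old.example.com
    Expiry Date: 2022-12-29 09:00:00+00:00 (VALID: 12 days)
  Certificate Name: expired.example.com
    Domains: expired.example.com
    Expiry Date: 2022-11-30 09:00:00+00:00 (INVALID: EXPIRED)
EOF
}

# Real use: sudo certbot certificates 2>/dev/null | stale_certs 20
```

With the sample listing, old.example.com and expired.example.com are reported, since a certificate with only 12 days left should already have been renewed by the timer.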
In this blog post, you have learned how to install and configure Let’s Encrypt with Apache on Debian 11. You have also learned how to obtain, verify, and renew certificates using Certbot. You can now enjoy the benefits of having a secure and encrypted website with HTTPS.
And if the above is a hassle for you to renew your Let’s Encrypt SSL certificate, you can always order from us (SPEEDHUB.eu) an SSL Certificate for Domain Validation for just 6.99 Euro/Year from here in just a few clicks.