How to set up SSL certificate for free in Ubuntu

We'll be using Let's Ecrypt SSL Certificate to host our website on HTTPS using an SSL certificate.

Let's Encrypt is a non-profit certificate authority run by Internet Security Research Group that provides X.509 certificates for Transport Layer Security encryption at no charge.

Pre-Requisites

We assume that you already have your website up and running at your Virtual Machine's IP address. If you haven't done so, you can follow this tutorial in case you haven't.

We also assume that you have either nginx or apache web server which is being used to host the website. This tutorial shows you the configuration for both the servers and you should follow only the part specific to the web server you're using.

Pointing your DNS record to your IP address

Before we generate the SSL certificate, we need to make sure that the website's DNS record holds the A record for the website. To do so, you can go to your domain provider or hosting provider, depends upon what service you use to create DNS records, then add an A record at the domain you want your website to be hosted at. It can be the root domain such as https://semikolan.co or any subdomain such as https://blog.semikolan.co. 

Your DNS record should look something like ->

This is a screenshot in Porkbun which is our DNS provider, the TTL and Priority can vary according to your needs.

Installing Certbot

We can use this command to download Certbot Repository:

sudo apt-get install snapd
sudo snap install core
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot

Here we've used snapd to install certbot which is recommended by certbot, you can also use pip and other methods available here.

We can now generate our SSL Certificate and automatically change our web server config files using:

sudo certbot --nginx

for nginx or 

sudo certbot --apache

for Apache. You can also learn more at the certbot website mentioned above.

Note that you only need to execute one of the above command depending on the webserver you're using.

This command will generate the certificate for domain name you've provided in the certbot details.

You will also be prompted to share your contact email address and other minor details. You can also opt out of sharing your email.

You can then also check your SSL certificate using:

cd /etc/letsencrypt/live/semikolan.co
ls

where you'll see files such as cert.pem, chain.pem etc.

You can also make sure that the nginx or apache config files are modified properly using 

sudo nano /etc/nginx/sites-enabled/semikolan.co

for nginx. You should see something like

ssl_certificate /etc/letsencrypt/live/semikolan.co/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/semikolan.co/privkey.pem;

or 

sudo nano /etc/apache2/sites-enabled/semikolan.co

for apache where you should see something like

SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/semikolan.co/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/semikolan.co/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/semikolan.co/chain.pem

You can also configure these details manually.

You should also restart your server, for nginx use:

sudo systemctl restart nginx
sudo nginx -t

which should show you that nginx is serving. 

You can restart apache server using:

sudo service apache2 restart

Now we have eveything set up and you should see the site live at your domain, which in my case is https://semikoan.co

Category: Azure | DevOps

Relavent Tags: DevOps, Nginx, Linux, Ubuntu, Apache