<< Back

Easy Install Ssl Certificate On Linux For Https

Posted on Friday 15th December 2017

As everything is gradually moving to the internet, it's becoming a haven for malicious people to steal and manipulate data to their own ends. One of the main ways to protect against this is by encrypting the information shared between your website, and the client. This can be achieved with SSL.

What is SSL

You can tell if a website is using SSL by the web address starting in https:// and by a lock icon being shown before the address.

Until recently I used the SSL provided by the Content Delivery Network (CDN) cloudflare. I thought it would be complicated to set this up locally, and as I was already using cloudflare I decided to use their option.

I had been using this offering for free for several years until I decided it was time to look further into hosting my own SSL Certificate, and to my surprise it was a lot easier to setup then I first anticipated.

For this method you need SSH root access to your server.

Setting Up SSL

The following is intended for usage on Debian 9 using apache, the method may be slightly different so when prompted download the correct version for your system and setup.

1) Download Certbot

Certbot is a utility for signing SSL Certificates with LetsEncrypt, a service which provides SSL certificates for free. You can download this from https://certbot.eff.org/ or on debian based systems the following command.

sudo apt-get install python-certbot-apache

2) Running Certbot

Certbot automates the installation of certificates on multiple platforms, and as it requires root privileges we need to run it using sudo.

In the snippet below we are telling the super user (root) to run certbot for the apache environment. This will automatically get the SSL Certificates and apply the required changes to the virtual

sudo certbot --apache

Or if you would rather download just the certificate and manually edit the virtualhosts file, then pass the certonly option.

sudo certbot --apache certonly

It will give you a list of sites to enable ssl for, just enter the numeric value for each and hit enter.

Sites

After retrieving the SSL Certificate, It will ask if you want the Easy or Secure option. It is best to use the Secure option and it will always force the user onto the encrypted version.

HTTPS Options

3) Renewal

SSL Certificates are not permanent, they expire after a period of time. So we need to ensure that these are automatically updated. This is included within certbot.

To test the renewal, run the following test

 sudo certbot renew --dry-run

Once this has worked, you will need to setup a cron to run the following command at least once every three months.

sudo certbot renew