In SSL/TLS, SSL stands for Secure Sockets Layer and TLS stands for Transport Layer Security. SSL/TLS is a popular cryptographic protocol that establishes a secure connection between servers and devices by encrypting the data exchanged over HTTPS.
It is an authentication protocol widely implemented in web servers and browsers, creating a secure layer over insecure HTTP for data exchange between them. SSL/TLS needs a certificate from a valid Certificate Authority (CA); in this article we will use the Let's Encrypt CA, which is free.
Certbot is an open-source software tool for integrating and managing Let's Encrypt certificates on the web to enable the secure HTTPS protocol. It will automatically manage the Let's Encrypt certificate for you. For this you will need a valid domain that points to your server's IP address, and Nginx with a pre-configured server block.
Here at Ibmi Media, as part of our Server Management Services, we regularly help our Customers to perform related Let's Encrypt Certificate queries.
In this context, we shall look into how to install Let's Encrypt certificates on Ubuntu 20.04 using Certbot.
Before proceeding with this Installation procedure, ensure that the following requirements are met:
To install Certbot and Nginx plugin execute the following command. Before installing the Certbot make sure you update the package info:
$ sudo apt update
$ sudo apt install certbot python3-certbot-nginx
Make sure your Nginx configuration is working properly and the domain name is included in the config.
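The domain check can be scripted. The following is an added example, not part of the original article: it lists the names in the server_name directives of a config file and reports whether a given domain is among them. The function names and the sample config are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check before `certbot --nginx`. Function names
# and the sample config below are constructed for illustration.

# Print every name from server_name directives in an Nginx config, one per line.
# Comments are stripped; a directive may list several names or span lines.
list_server_names() {
    awk '
        { sub(/#.*/, "") }
        {
            for (i = 1; i <= NF; i++) {
                tok = $i
                if (!in_sn) { if (tok == "server_name") in_sn = 1; continue }
                last = (tok ~ /;$/)
                sub(/;$/, "", tok)
                if (tok != "") print tok
                if (last) in_sn = 0
            }
        }
    ' "$1"
}

# Succeed only if DOMAIN is listed verbatim as a server_name in CONF.
# Exact match: wildcard and regex names are not expanded.
has_server_name() {
    list_server_names "$1" | grep -Fxq -- "$2"
}

# Constructed sample server block, similar to a hand-written site config.
sample_conf=$(mktemp)
cat > "$sample_conf" <<'EOF'
server {
    listen 80;
    # server_name old.example.com;
    server_name example.com
                www.example.com;
    root /var/www/example.com/html;
}
EOF

for d in example.com www.example.com shop.example.com; do
    if has_server_name "$sample_conf" "$d"; then
        echo "ok:      $d has a server block"
    else
        echo "missing: $d (add it to server_name, then run: sudo nginx -t)"
    fi
done
rm -f "$sample_conf"
```

On a real server, point has_server_name at the site file that holds your server block instead of the sample.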
We can get an SSL certificate in different ways using the different plugins provided by Certbot. To get the certificate we will use the certbot command along with the Nginx plugin, which we installed earlier.
i. The Nginx plugin will manage auto-configuration and reload the Nginx config when needed.
For this, you need to execute the following command:
$ sudo certbot --nginx
After executing the above command, Certbot will ask you to choose the domain for which it will request the certificate. Here, the subdomain we will request the certificate for is option 2.
ii. Now, Certbot will perform some tasks and then ask whether you want to redirect HTTP traffic to HTTPS.
Enter the number of the option you prefer and press Enter.
After the redirection is configured, Certbot will finish the setup and output some important notes and a success message.
iii. Now, if you open the URL you will see the lock icon before it. If you click on the icon, it will show 'Connection is secure'.
If you want more info on the certificate, click on the certificate. You will see the CA details such as issued by, issue date, expiry date, etc.
The certificate is valid for three months, so it has to be renewed once that period runs out. The certbot command provides an easy certificate renewal method.
You can first check for the renewal by executing the following command:
$ sudo certbot renew --dry-run
If there is no error you are ready to go for your actual renewal.
You just need to execute the following command and Certbot will renew it:
$ sudo certbot renew
This article covers how to install Certbot to get Let's Encrypt certificates. SSL/TLS encryption is an integral part of the network infrastructure. Any web and mail server allows you to enable data encryption.
To begin, you must have a domain name. Its DNS A-record must contain the public address of your server. If the firewall is enabled, open access for HTTP and HTTPS traffic:
$ sudo ufw allow 80
$ sudo ufw allow 443
To install the "Let's Encrypt" package on Ubuntu:
1. Run the command below to install Let's Encrypt.
$ sudo apt install letsencrypt
2. Check the "certbot.timer" utility for automatic certificate renewal.
$ sudo systemctl status certbot.timer