Let’s Encrypt provides free SSL certificates for your websites to use secure connections. Certbot is free open source software that allows you to easily create Let’s Encrypt SSLs on your unmanaged Linux server. Log into SSH as root to begin.
Install Certbot in Ubuntu 20.04
Instead of the older python-certbot-apache package, Certbot now recommends using the snapd package manager to install Certbot in Ubuntu. InMotion Cloud Server Hosting is incompatible with snapd at this time, but PIP, the Python package installer, works just as well.
Install Certbot in Ubuntu with PIP
Cloud server users can install Certbot in Ubuntu with PIP.
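- First, install Python 3, its venv module, and the Augeas library used by Certbot's Apache plugin (PIP itself is provided inside the virtual environment created in the next step):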
sudo apt install python3 python3-venv libaugeas0
- Set up a virtual environment:
sudo python3 -m venv /opt/certbot/
sudo /opt/certbot/bin/pip install --upgrade pip
- Install Certbot with the plugin for your web server. Run the first command for Apache or the second for NGINX:
sudo /opt/certbot/bin/pip install certbot certbot-apache
sudo /opt/certbot/bin/pip install certbot certbot-nginx
- Create a symlink to ensure Certbot runs:
sudo ln -s /opt/certbot/bin/certbot /usr/bin/certbot
Install Certbot in Ubuntu with snapd
Our Dedicated Server Hosting users can use snapd.
- Install snapd:
sudo apt install snapd
- Ensure you have the latest snapd version installed:
sudo snap install core; sudo snap refresh core
- Install Certbot with snapd:
sudo snap install --classic certbot
- Create a symlink to ensure Certbot runs:
sudo ln -s /snap/bin/certbot /usr/bin/certbot
Create an SSL Certificate with Certbot
Run Certbot to create SSL certificates and modify your web server configuration file to automatically redirect HTTP requests to HTTPS. Or, add “certonly” to create the SSL certificates without modifying system files (recommended if hosting staging sites that should not be forced to use an SSL).
- Choose the best option for your needs.
Create SSL certs for all domains and configure redirects in the web server:
sudo certbot --apache
sudo certbot --nginx
Create SSL certs for a specified domain (recommended if you’re using your system hostname):
sudo certbot --apache -d example.com -d www.example.com
Only create SSL certs, without modifying the web server configuration:
sudo certbot certonly --apache
sudo certbot certonly --nginx
- Enter an email address for renewal and security notices.
- Agree to the terms of service.
- Specify whether to receive emails from EFF.
- If prompted, choose whether to redirect HTTP traffic to HTTPS – 1 (no redirect, no further changes to the server) or 2 (redirect all HTTP requests to HTTPS).
SSL Maintenance and Troubleshooting
After you install a Let’s Encrypt certificate on your Ubuntu Certbot setup, you can test your website SSL status at https://WhyNoPadlock.com to identify mixed content errors.
The certificate files for each domain are stored in:
cd /etc/letsencrypt/live
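Let’s Encrypt certificates expire after 90 days. To prevent SSLs from expiring, Certbot checks your SSL status twice a day and renews certificates expiring within thirty days. You can view the schedule with Systemd or cron.d. If neither command below shows a schedule, as can happen after a PIP install because PIP does not create one, set up a cron job or Systemd timer that runs the renew command yourself.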
systemctl show certbot.timer
cat /etc/cron.d/certbot
Ensure the renewal process works:
sudo certbot renew --dry-run
SSL Improvements
An SSL cert and 301 redirects that force HTTPS aren’t always enough on their own to prevent hacks. The first request to a site can still go out over plain HTTP before the redirect happens, and cyber attackers have found ways to use that gap to bypass both security practices and infiltrate server communications.
HTTP Strict Transport Security (HSTS) is a security HTTP header that addresses this by telling web browsers to only connect to your website over HTTPS with a valid SSL cert. If the browser cannot establish a secure connection, it refuses to load the site altogether to protect the user. It is easy to configure HSTS within your web server (e.g. Apache and NGINX).
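To confirm the header is actually being served once HSTS is configured, the following added example (not code from the original article) audits a set of response headers for a missing, disabled or short-lived policy. The function name check_hsts, the 180-day threshold and the sample response are assumptions of this example; the Apache and NGINX lines in the comments are the standard directives for setting the header.

```bash
#!/usr/bin/env bash
# Added example: audit the HSTS header in HTTP response headers read from
# stdin, e.g. the output of `curl -sI https://example.com`.
# Web server lines that yield a passing header (standard directives):
#   Apache (mod_headers): Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
#   NGINX: add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

# Assumption of this example: flag any policy shorter than 180 days.
MIN_MAX_AGE=15552000

check_hsts() {
    # Header names are case-insensitive and HTTP lines end in CRLF.
    hsts_value=$(tr -d '\r' | awk -F':' '
        !found && tolower($1) == "strict-transport-security" {
            sub(/^[^:]*:[ \t]*/, ""); print tolower($0); found = 1
        }')
    if [ -z "$hsts_value" ]; then
        echo "MISSING: no Strict-Transport-Security header"
        return 1
    fi
    # max-age may be quoted, e.g. max-age="31536000".
    hsts_max_age=$(printf '%s\n' "$hsts_value" |
        sed -n 's/.*max-age *= *"\{0,1\}\([0-9][0-9]*\).*/\1/p')
    if [ -z "$hsts_max_age" ]; then
        echo "INVALID: header has no max-age directive"
        return 1
    elif [ "$hsts_max_age" -eq 0 ]; then
        echo "DISABLED: max-age=0 tells browsers to drop the HSTS policy"
        return 1
    elif [ "$hsts_max_age" -lt "$MIN_MAX_AGE" ]; then
        echo "WEAK: max-age=$hsts_max_age is below $MIN_MAX_AGE seconds"
        return 1
    fi
    case "$hsts_value" in
        *includesubdomains*) echo "OK: max-age=$hsts_max_age, includeSubDomains" ;;
        *) echo "OK: max-age=$hsts_max_age (subdomains not covered)" ;;
    esac
}

# Constructed sample response, not captured from a real server.
printf 'HTTP/1.1 200 OK\r\nServer: Apache\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\n\r\n' | check_hsts
```

Run the check against the HTTPS response, since browsers ignore HSTS headers delivered over plain HTTP.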