Add SSL/TLS to Apache with “Let’s Encrypt”
Everyone would love to see that lovely green lock next to your website’s URL and that glorious “https” mark, which makes us all feel warm and fuzzy inside, right? No problem. Thanks to “Let’s Encrypt” you can now make it happen fast and free. Let’s build a better internet together.
This tutorial sets up the certificate on an Apache web server.
Get the client
First of all we will download the “Let’s Encrypt” client. That is right. They made a client-side app, to make it extra easy for you. We will save it under /opt, which seems to be the standard directory to place 3rd-party software, or so I am told.
sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
Set up the certificate
Keep in mind how many domains you want to support with a single certificate. For instance, this blog should work only with the URL https://enriquemorenotent.com, but it could also be set to work with https://www.enriquemorenotent.com, which means that we have 2 domains to support:
cd /opt/letsencrypt
./letsencrypt-auto --apache -d enriquemorenotent.com -d www.enriquemorenotent.com
Notice how I add a -d for every domain I want to support. It is important that the first domain is the base domain.
After a few questions like email address and others, you will be all set!
Renew your certificate automatically
The certificates from Let’s Encrypt only last 3 months. But updating them is quite easy. Just download the following script and install it. The URL is plain http and the script will later run as root, so read the downloaded file before making it executable.
sudo curl -L -o /usr/local/sbin/le-renew http://do.co/le-renew
sudo chmod +x /usr/local/sbin/le-renew
Now all you have to do is run
sudo le-renew enriquemorenotent.com
and the certificate will update (or it will tell you that it is too soon for it).
We can make this task automatic using crontab:
30 2 * * 1 /usr/local/sbin/le-renew enriquemorenotent.com >> /var/log/le-renew.log
This will run the script every Monday at 2:30 am, updating the certificate if necessary.
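A cron renewal can fail without anyone noticing until the certificate expires, so an independent expiry check is a useful companion. The script below is an added example, not part of the original tutorial, the le-renew script or the Let’s Encrypt client; the function names, the 30-day default window and the demo.invalid test certificates are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the tutorial or the Let's Encrypt client.
# Assumptions: openssl is installed; function names and the 30-day
# default window are illustrative.

# cert_expires_within CERT [DAYS]
#   0 = expires within DAYS (or already expired): renewal is due
#   1 = still valid beyond DAYS
#   2 = file missing or not a parseable certificate
cert_expires_within() {
    _cert=$1
    _days=${2:-30}
    [ -r "$_cert" ] || return 2
    # Parse first: -checkend alone cannot tell "expiring" from bad input.
    openssl x509 -noout -in "$_cert" >/dev/null 2>&1 || return 2
    if openssl x509 -noout -checkend "$((_days * 86400))" \
            -in "$_cert" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# make_demo_cert DAYS OUT: constructed self-signed certificate (demo only).
make_demo_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$1" \
        -subj "/CN=demo.invalid" -keyout "$2.key" -out "$2" >/dev/null 2>&1
}

# report CERT DAYS: one status line, suitable for a log file.
report() {
    cert_expires_within "$1" "$2"
    case $? in
        0) echo "RENEW $1: expires within $2 days" ;;
        1) echo "OK    $1: valid for more than $2 days" ;;
        *) echo "ERROR $1: missing or not a certificate" ;;
    esac
}

if [ "$#" -ge 1 ]; then
    report "$1" "${2:-30}"          # real use: script CERT [DAYS]
else
    tmp=$(mktemp -d)                # demo on constructed certificates
    make_demo_cert 90 "$tmp/fresh.pem"; report "$tmp/fresh.pem" 30
    make_demo_cert 10 "$tmp/near.pem";  report "$tmp/near.pem" 30
    rm -rf "$tmp"
fi
```

To use it on a real site, pass the path of the installed certificate as the first argument; the client normally keeps it under /etc/letsencrypt/live/<domain>/cert.pem, but confirm the path on your own server.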
Update the client
Remember that the client you cloned with git might be in development, so every now and then it might not be a bad idea to do this:
cd /opt/letsencrypt
sudo git pull
Just to make sure we are using the latest version 😉
Based on this tutorial