Let’s Encrypt is a widely known certificate authority that provides free X.509 SSL certificates for TLS encryption. It was launched in April 2016.
Let’s Encrypt installation is an automated process to eliminate the current complex process of certificate creation, validation, signing, implementation, and renewal of certificates for secure websites.
To generate a certificate for your domain, you should have terminal/shell access and Certbot ACME client. It handles certificate issuance and installation with no downtime.
Currently, Apache, Nginx, Plex,
and Haproxy
are supported for the automated process.
The manual process is also easy to follow.
1. Create a certificate for your domain.
2. Update Nginx configuration to use the created certificate.
Prerequisites:
You should have LEMP
stack configured on Ubuntu / CentOS / Debian
.
Install Let’s Encrypt
Log in as the root or switch to the root user.
su -
OR
sudo su -
Certbot is available on EPEL repository for CentOS, and Certbot PPA should be configured on Ubuntu.
### Ubuntu 18.04 / Ubuntu 16.04 ###
apt-get update
apt-get install -y software-properties-common
add-apt-repository ppa:certbot/certbot
apt-get update### CentOS 7 ###
rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm### RHEL 7 ###
subscription-manager repos --enable rhel-7-server-optional-rpms
Now, install the certbot client.
### Ubuntu 18.04 / Ubuntu 16.04 ###
apt-get install -y python-certbot-nginx### CentOS 7 / RHEL 7 ###
yum install -y certbot### Debian 9 ###
apt-get install -y python-certbot-nginx -t stretch-backports