How To Setup A Let’s Encrypt HTTPS Certificate On Debian Or Ubuntu

Having an HTTPS certificate on your site has many advantages. Among many other advantages, having an HTTPS certificate can make it more secure for your users and now will give your site better SEO. This article will discuss how to setup a free Let’s Encrypt HTTPS certificate on your website either Debian or Ubuntu.

This article assumes that you have control of your server and that you host your site using Apache. We will describe step-by-step how to setup your certificate. Also, throughout this article, we will assume that are setting up the SSL certificate for example.com. Note: if you already have a Let’s Encrypt certificate and you want to renew it, you can read our article here about how to do that.

Step 1: Install Certbot – The Software That Installs And Renews Let’s Encrypt Certificates

Installing Certbot For Ubuntu 14.04 (Trusty Tahr) or Ubuntu 16.04 (Xenial Xerus)

It is fairly simple to install certbot for Ubuntu you simply follow these steps

Update Your Package Lists and also update system
sudo apt-get update && sudo apt-get upgrade -y

Install a necessary software
sudo apt-get install software-properties-common

Add The Repository that contains certbot
sudo add-apt-repository ppa:certbot/certbot

Update Your Package Lists and also update system
sudo apt-get update
sudo apt-get install python-certbot-apache

Installing Certbot For Debian 9 Stretch

You will need to make sure that you have Debian Stretch backports enabled. If you don’t already have it enabled, here are the steps to do that:

cd /etc/apt/
sudo vim sources.list

Then will you need to add in the line

deb http://ftp.debian.org/debian stretch-backports main

Then update your package lists by typing:
sudo apt-get update
After that is done, then you will install certbot by typing:
sudo apt-get install python-certbot-apache -t stretch-backports

Installing Certbot For Debian 8 Jessie

The steps for installing certbot in Jessie are very similar to those for Debian Jessie. Make sure that you have Debian Jessie backports enabled. If you don’t already have it enabled, here are the steps to do that:

cd /etc/apt/
sudo vim sources.list

Then will you need to add in the line

deb http://ftp.debian.org/debian jessie-backports main

Then update your package lists by typing:
sudo apt-get update
After that is done, then you will install certbot by typing:
sudo apt-get install python-certbot-apache -t jessie-backports

You can learn more about Debian backports here.

Step 2: Make Sure Port 443 Is Open

HTTPS uses port 443 by default, so your firewall must allow port 443. If you know that your firewall already allow port 443, then you can go on to the next step. Otherwise, read on.

If you use ufw you can open port 443 with the command:

sudo ufw allow 443

If you use a different firewall, look up how to open port 443 and do so.

Step 3: Create The HTTPS Certificate For Your Site With Certbot

Now, after having installed certbot and made sure that port 443 is open, we will not create the HTTP certificate with certbot.

Type this command:
sudo certbot --apache

I have done exercise on one one of my newer domains, and taken screenshots of it, but have edited out the actual domain name with example.com

certbot setup page 1

Here, you will chose both the domain and any subdomains you want to have using HTTPS.

Next subpart:  Choose whether you always want HTTPS or will allow users to choose between HTTPS or HTTP.

After choosing what you want to have an HTTPS certificate for, the program will output:

“Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.

1: No redirect – Make no further changes to the webserver configuration.
2: Redirect – Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you’re confident your site works on HTTPS. You can undo this
change by editing your web server’s configuration.”

certbot setup page 2

I will usually choose option 2. HTTPS will get better SEO and is more secure for your users. The only risk with option 2 though is that if your site’s HTTPS certificate gets messed up, your whole site could go down. If you choose option 1, users can go to both
http://example.com or
https://example.com

Option 2 will redirect all to HTTPS. So if the user entered in http://example.com, the server would recdirect it to https://example.com. Choose option 1 or 2 and hit enter.

If successful, you will see text something like:

“Congratulations! You have successfully enabled https://example.com and
https://www.example.com.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=example.com .com
https://www.ssllabs.com/ssltest/analyze.html?d=www.example.com.com

certbot setup page 3

You can go to https://www.ssllabs.com/ssltest/analyze.html to check how good your certificate is.

Below is a screenshot of the test for linuxwebdevelopment. We got an A+ for our SSL security 🙂

linuxwebdevelopment.com ssl security checked

The commands we have done in step 3 will actually edit your Apache config file for the site and add an additional config file for the SSL version of your site as well.

Step 4: Manually Check That HTTPS Works On Your Site

the last step is to check that actually https works by
going to your site. On your site you should see something like:

final check for https certificate

Just look for  HTTPS and some icon looking like a green lockpad.

Did you like this article? Do you have anything to add? Let’s discuss it in the comments below.

Leave a Reply