Blog: Secure Your Website With Free SSL | AWS VPS | OrbitWeb
Rigo Guadron / August 11, 2017
To enable HTTPS on your website, you need to get a certificate from a Certificate Authority (CA). Let’s Encrypt is a CA. In order to get a certificate for your website’s domain from Let’s Encrypt, you have to demonstrate control over the domain. With Let’s Encrypt, you do this using software that uses the ACME protocol, this is SSL.
We connect to our instance using SSH to use the Certbot ACME client. It can automate certificate issuance and installation with no downtime, get a free ssl is awesome!
ssh -i “keyfile.pem” ubuntu@PUBLIC_IP_ADDRESS
We visit the Certbot site to get customized instructions for your operating system and web server and get free ssl.
In this example, we are using Apache server on Ubuntu 16.04 (xenial)
Here is the extract from the set of instructions:
Install
On Ubuntu systems, the Certbot team maintains a PPA. Once you add it to your list of repositories all you’ll need to do is apt-get the following packages.
$sudo apt-get install software-properties-common $sudo add-apt-repository ppa:certbot/certbot $sudo apt-get update $sudo apt-get install python-certbot-apache
Get Started for free ssl.
Certbot has an Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs to get a free ssl:
$sudo certbot –apache
Running this command will get a certificate for you and have Certbot edit your Apache configuration automatically to serve it. If you’re feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:
$ sudo certbot –apache certonly
To learn more about how to use Certbot read our documentation.
Automating renewal.
The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let’s Encrypt certificates last for 90 days, it’s highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:
$sudo certbot renew –dry-run
Setup a cron job
$sudo crontab -e @daily sudo certbot renew –post-hook “service apache2 restart
More detailed information to get a free ssl and options about renewal can be found in the full documentation.