How to Get and Deploy Free SSL Certificates from Let’s Encrypt

by

What is Let’s Encrypt, https://letsencrypt.org
Let’s Encrypt is a free, automated, and non-profit certificate authority brought to you by the nonprofit Internet Security Research Group (ISRG) that provides X.509 certificates for Transport Layer Security encryption at no charge.

The expiration date of a cert is 90 days, so you must renew within next 90 days later.

In this article, i will show basic step by step on how to Get and Deploy Free SSL Certificates from Let’s Encrypt

First, we need to install Certbot Client which is the tool to get certificates from Let’s Encrypt.

# yum --enablerepo=epel -y install certbot

# for the option [–webroot], use a directory under the webroot on your server as a working temp
# -w [document root] -d [FQDN you’d like to get certs]
# FQDN (Fully Qualified Domain Name) : linodelinux.lab
# if you’d like to get certs for more than 2 FQDNs, specify all like below
# ex : if get [linodelinux.lab] and [www.linodelinux.lab]
# ⇒ specify [-d linodelinux.lab -d www.linodelinux.lab]

# certbot certonly --webroot -w /var/www/html/linodelinux.lab -d linodelinux.lab

Example :

# certbot certonly --webroot -w /var/www/html/linodelinux.lab -d linodelinux.lab
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Requesting a certificate for linodelinux.lab
Performing the following challenges:
http-01 challenge for linodelinux.lab
Using the webroot path /var/www/html/linodelinux.lab for all unmatched domains.
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/linodelinux.lab/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/linodelinux.lab/privkey.pem
   Your certificate will expire on 2021-11-26. To obtain a new or
   tweaked version of this certificate in the future, simply run
   certbot again. To non-interactively renew *all* of your
   certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Recommended Reading

Leave a Comment