Mastering Let's Encrypt for Your Web Server: A Practical Configuration Guide

Obtaining a free TLS certificate from Let's Encrypt for your web server is now standard practice for any webmaster. This guide outlines the key steps to request, install and renew one using Certbot, the reference ACME client.

Prerequisites and Initial Setup

Before starting, make sure a public DNS record for your domain resolves to the server's public IP address: Let's Encrypt proves you control the domain by connecting to it. You will need sudo privileges and a running HTTP daemon such as Apache or Nginx listening on port 80. Install the Certbot client from your distribution's package manager. On Debian/Ubuntu run `sudo apt install certbot`, on RHEL-family systems `sudo yum install certbot` (from EPEL); the web server plugins ship separately, for example `python3-certbot-apache` or `python3-certbot-nginx` on Debian/Ubuntu. The Certbot project also publishes a snap package that bundles the plugins.

Obtaining the Certificate

The simplest method is the web server plugin: `--apache` or `--nginx` obtains the certificate and edits your virtual host to use it. Run: `sudo certbot --apache -d example.com -d www.example.com`. This completes the ACME HTTP-01 challenge: Let's Encrypt fetches a token from `http://example.com/.well-known/acme-challenge/` on port 80, so that path must be reachable from the internet for every name on the certificate. If you prefer to keep control of your configuration, use the webroot plugin with `certonly`: `sudo certbot certonly --webroot -w /var/www/html -d example.com`. This writes the validation file under `.well-known/acme-challenge/` in your document root and leaves the server configuration untouched, so you must reference the certificate yourself (next section). Rehearse with `--dry-run` first: it talks to the staging environment, which is not subject to the production rate limits that a misconfigured run would otherwise burn through.
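The webroot flow above, as an added example that is not part of the original guide: it pre-flights the HTTP-01 path exactly the way the CA will fetch it (plain HTTP, port 80, public hostname), rehearses against staging with `--dry-run`, and only then issues for real. It assumes `curl` and `certbot` are installed, DNS already points at this host, and the web server serves the given webroot on port 80; the function names and the probe token format are this example's own.

```shell
#!/bin/sh
# Pre-flight the HTTP-01 challenge path, then request a certificate with the
# webroot plugin. Added example; assumes curl + certbot, DNS pointing here,
# and a web server serving WEBROOT on port 80.
set -eu

# HTTP-01 tokens are always fetched from this fixed path under the webroot.
acme_challenge_dir() {            # $1 = webroot
  printf '%s/.well-known/acme-challenge\n' "${1%/}"
}

# Create the challenge directory and drop a throwaway token file into it.
# Prints the token name so the caller can fetch it through the web server.
write_probe_token() {             # $1 = webroot
  dir="$(acme_challenge_dir "$1")"
  mkdir -p "$dir"
  token="preflight-$(date +%s)-$$"   # hypothetical token name, not an ACME token
  printf 'ok\n' > "$dir/$token"
  printf '%s\n' "$token"
}

# Fetch the token the way the CA will: plain HTTP on port 80, public hostname.
# Fails if the body does not round-trip (wrong webroot, blocked port, bad DNS).
probe_http01() {                  # $1 = hostname, $2 = webroot
  token="$(write_probe_token "$2")"
  body="$(curl -fsS --max-time 10 "http://$1/.well-known/acme-challenge/$token" || true)"
  rm -f "$(acme_challenge_dir "$2")/$token"
  [ "$body" = "ok" ]
}

# Probe every name that will be on the certificate, rehearse against staging
# with --dry-run (no rate limits, nothing written), then issue for real.
obtain_cert() {                   # $1 = webroot, $2 = contact email, $3.. = hostnames
  webroot="$1"; email="$2"; shift 2
  [ $# -gt 0 ] || { echo "no hostnames given" >&2; return 1; }
  args=""
  for host in "$@"; do
    probe_http01 "$host" "$webroot" || { echo "HTTP-01 path unreachable for $host" >&2; return 1; }
    args="$args -d $host"
  done
  # shellcheck disable=SC2086  (word-splitting $args is intended)
  certbot certonly --webroot -w "$webroot" $args \
      --non-interactive --agree-tos -m "$email" --dry-run
  certbot certonly --webroot -w "$webroot" $args \
      --non-interactive --agree-tos -m "$email"
}

# Usage (as root): obtain_cert /var/www/html admin@example.com example.com www.example.com
```

The probe catches the three failures that account for most first-attempt errors (a webroot that is not the directory the server actually serves, port 80 filtered at the firewall, DNS still pointing at the old host) before Certbot ever contacts the CA.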

Web Server Configuration Adjustments

After obtaining the certificate with `certonly`, point your virtual host at the files Certbot maintains under `/etc/letsencrypt/live/example.com/`. These are symlinks to the most recently issued certificate, so the paths stay valid across renewals. For Apache, the directives are:

  • SSLCertificateFile: `/etc/letsencrypt/live/example.com/fullchain.pem`
  • SSLCertificateKeyFile: `/etc/letsencrypt/live/example.com/privkey.pem`

For Nginx, the equivalent directives are `ssl_certificate` and `ssl_certificate_key`, pointing at the same two files. Use `fullchain.pem` rather than `cert.pem`: it includes the intermediate certificate that clients need to chain the leaf up to a trusted root.

Redirect plain HTTP to HTTPS with a permanent (301) redirect. In Nginx, add `return 301 https://$host$request_uri;` to the port-80 server block; in Apache, use `Redirect permanent / https://example.com/` or `RewriteEngine On` with a `RewriteRule`. Let's Encrypt follows redirects when validating, so the redirect does not break future renewals.

Automated Renewal and Verification

Let's Encrypt certificates are valid for 90 days. The Certbot package installs a systemd timer (or a cron job on systems without systemd) that runs `certbot renew` twice a day and renews any certificate with fewer than 30 days left, so renewal needs no manual intervention. Verify the setup with `sudo certbot renew --dry-run`, which rehearses a renewal against the staging environment. If renewal fails, read `/var/log/letsencrypt/letsencrypt.log` and confirm that port 80 is still reachable from the internet; firewall changes are the usual culprit. Note that with `certonly` the renewed certificate is written to disk but the web server keeps serving the old one until it reloads, so a deploy hook that reloads the server is part of a complete setup.
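Two renewal helpers, added here as an example rather than taken from the original guide or from Certbot itself: an expiry check you can feed to monitoring so a silently failing timer is noticed long before day 0, and a deploy hook that reloads nginx only for the lineage that actually renewed. Certbot runs every executable in `/etc/letsencrypt/renewal-hooks/deploy/` after a successful renewal with `RENEWED_LINEAGE` and `RENEWED_DOMAINS` exported; those two variables are Certbot's, everything else (function names, the 30-day threshold mirroring Certbot's default, GNU `date -d`, nginx under systemd) is this example's assumption. Deploy hooks are skipped during `--dry-run`, so test the hook by invoking the script with the two variables set by hand.

```shell
#!/bin/sh
# Renewal helpers (added example). Assumes GNU date, openssl, certbot's
# default paths and nginx managed by systemd. To use as a deploy hook, copy
# to /etc/letsencrypt/renewal-hooks/deploy/ and mark executable.
set -eu

# Whole days from NOW (epoch seconds) to an openssl "notAfter" timestamp such
# as "Jan  1 00:00:00 2030 GMT". Negative means the certificate has expired.
days_until() {                    # $1 = now (epoch), $2 = notAfter string
  end="$(date -u -d "$2" +%s)"
  echo $(( (end - $1) / 86400 ))
}

# Mirrors certbot's default policy: renew once fewer than 30 days remain.
needs_renewal() {                 # $1 = days left, $2 = threshold (default 30)
  [ "$1" -lt "${2:-30}" ]
}

# Days left on the certificate currently installed for a lineage. Alert on
# this from monitoring: if it keeps shrinking below 30, the timer is broken.
cert_days_left() {                # $1 = lineage name, e.g. example.com
  pem="/etc/letsencrypt/live/$1/fullchain.pem"
  not_after="$(openssl x509 -in "$pem" -noout -enddate)"   # "notAfter=Jan  1 ..."
  days_until "$(date +%s)" "${not_after#notAfter=}"
}

# Deploy hook body. certonly does not reload anything itself, so without this
# nginx keeps serving the old certificate until its next restart.
deploy_hook() {
  case " ${RENEWED_DOMAINS:-} " in
    *" example.com "*|*" www.example.com "*)
      echo "reloading nginx for ${RENEWED_LINEAGE}"
      systemctl reload nginx ;;
    *)
      echo "no reload needed for ${RENEWED_LINEAGE:-unknown lineage}" ;;
  esac
}

# certbot sets RENEWED_LINEAGE when it invokes this file as a hook; a plain
# invocation (e.g. from monitoring) just defines the functions above.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
  deploy_hook
fi

# Manual hook test:
#   RENEWED_LINEAGE=/etc/letsencrypt/live/example.com RENEWED_DOMAINS="example.com www.example.com" sh ./this-script.sh
```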

Security Hardening (Optional but Recommended)

To harden the deployment, enable HTTP Strict Transport Security (HSTS) by adding `add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;` to the HTTPS server block (for Apache with mod_headers: `Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"`). Roll it out with a short max-age first and add `includeSubDomains` only once every subdomain serves valid HTTPS, because browsers that have seen the header will refuse plain HTTP to those hosts for the whole period. Also disable TLS 1.0 and 1.1 (`ssl_protocols TLSv1.2 TLSv1.3;` in Nginx, `SSLProtocol -all +TLSv1.2 +TLSv1.3` in Apache) and restrict the cipher list to forward-secret AEAD suites. A configuration like this protects your visitors from downgrade and interception attacks on the transport.
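The configuration adjustments and the hardening described above, combined into one complete Nginx virtual host as an added example (not the guide's own or Certbot's generated configuration): certificate paths under `live/`, the HTTP-to-HTTPS redirect, TLS 1.2+ with a forward-secret cipher list based on Mozilla's intermediate profile, and HSTS with a configurable max-age. The script only puts the file live if `nginx -t` accepts the whole configuration and rolls back otherwise. It assumes the Debian-style `sites-available`/`sites-enabled` layout, Certbot's default lineage name (the first `-d` hostname), and nginx managed by systemd; the function names are this example's own.

```shell
#!/bin/sh
# Render a complete nginx vhost for a Let's Encrypt certificate and install it
# only if "nginx -t" accepts the result. Added example; assumes Debian-style
# /etc/nginx/sites-available, certbot's default lineage name, systemd nginx.
set -eu

# Emit the vhost for DOMAIN serving WEBROOT. HSTS max-age defaults to one year;
# pass a small value (e.g. 300) on first rollout and raise it once every
# subdomain is known to serve valid HTTPS, because browsers will honour it.
render_nginx_vhost() {            # $1 = domain, $2 = webroot, $3 = HSTS max-age
  domain="$1"; webroot="$2"; hsts_max_age="${3:-31536000}"
  cat <<EOF
server {
    listen 80;
    listen [::]:80;
    server_name ${domain} www.${domain};

    # Serve the ACME challenge path directly so renewals never depend on the
    # HTTPS block being healthy; everything else gets a permanent redirect.
    location ^~ /.well-known/acme-challenge/ {
        root ${webroot};
    }
    location / {
        return 301 https://\$host\$request_uri;
    }
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name ${domain} www.${domain};
    root ${webroot};

    # fullchain.pem (leaf + intermediate), never cert.pem; the live/ symlinks
    # always point at the newest issued certificate, so no edits on renewal.
    ssl_certificate     /etc/letsencrypt/live/${domain}/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/${domain}/privkey.pem;

    # TLS 1.2 and 1.3 only; AEAD suites with (EC)DHE key exchange, based on
    # Mozilla's intermediate profile. All are strong, so let the client order.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers off;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;

    # HSTS belongs on the HTTPS block only; "always" also sends it on error
    # responses.
    add_header Strict-Transport-Security "max-age=${hsts_max_age}; includeSubDomains" always;
}
EOF
}

# Write the vhost, validate the whole nginx configuration, reload on success,
# and restore the previous file (or remove the new one) on failure.
install_nginx_vhost() {           # $1 = domain, $2 = webroot, $3 = HSTS max-age
  target="/etc/nginx/sites-available/$1.conf"
  enabled="/etc/nginx/sites-enabled/$1.conf"
  tmp="$(mktemp)"
  render_nginx_vhost "$1" "$2" "${3:-}" > "$tmp"
  [ -f "$target" ] && cp "$target" "$target.bak"
  install -m 0644 "$tmp" "$target" && rm -f "$tmp"
  ln -sf "$target" "$enabled"
  if nginx -t; then
    systemctl reload nginx
  else
    echo "nginx -t rejected $target; rolling back" >&2
    if [ -f "$target.bak" ]; then mv "$target.bak" "$target"; else rm -f "$target" "$enabled"; fi
    return 1
  fi
}

# Usage (as root): install_nginx_vhost example.com /var/www/html 300
```

The `nginx -t` gate matters more than it looks: a typo in a TLS directive that is only caught at reload leaves the server down until someone notices, whereas a rejected file here is rolled back before the running instance is touched.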

By following these steps, your site will serve a free Let's Encrypt certificate that authenticates the server to its visitors and gives every request confidentiality and integrity in transit.
