Certbot SSL
Install a free SSL certificate issued by Let's Encrypt on an Apache server using Certbot.
Every website needs an SSL certificate so that the website can load securely without warnings over https rather than http.
As I’m running my sites on a DigitalOcean barebones VPS with Apache, the process of installing a free SSL certificate for all my websites is quick, easy and fun! 😉
Install an SSL certificate using certbot
What type of SSL certificate is installed by Certbot?
Certbot, through Let’s Encrypt, installs Domain Validated (DV) SSL certificates. These certificates provide basic encryption and are suitable for most websites, as they verify that you control the domain.
When is it set to renew?
Certbot SSL certificates, typically issued by Let’s Encrypt, are valid for 90 days.
Prerequisites
You will need sudo user access to your web server so that you have adequate permissions to install the certbot software and the SSL certificate.
- sudo user access to server
- certbot installed
After you SSH into your server, and with certbot already installed, you can run the following commands.
List installed certificates
List all the currently installed SSL certificates and view the expiry date of each certificate.
sudo certbot certificates
The above command will tell you if certbot is installed and what certificates are already installed.
Checklist before installing the certificate
Before running the install command there are some things you MUST do for a successful install.
- Your domain must be added to the server through the control panel
- You have updated your virtual host file
- Your DNS is configured to point to the server you are about to install the certificate on.
Install an SSL certificate on Apache for your domain name
sudo certbot --apache -d example.com
Renew all certificates
The SSL certificates are set to auto renew every 90 days.
sudo certbot renew
Renew specific domain
sudo certbot renew --cert-name example.com
Install an SSL certificate on Nginx for your domain name
The command for installing an SSL certificate for Nginx is slightly different to the Apache install command.
sudo certbot --nginx -d example.com
Deleting a certificate
It can be handy to delete certificates if they are not required or not working correctly. Sometimes it’s best to start over by deleting the certificate and then reinstalling.
sudo certbot delete --cert-name example.com
Troubleshooting
Error when trying to renew
Ensure port 80 is open. Certbot needs port 80 to renew a certificate. Some servers disable port 80 (HTTP) for security.
Fail to install
If the certificate fails to install, your domain might not be delegated correctly. Try pinging your domain name from your terminal to see if you get a correct IP address response. The correct IP address should be the IP address of your web server. If the IP address is incorrect then the domain name is pointing to the wrong server and the SSL certificate will not install.
ping example.com
Ensure the IP address in the response matches the IP address of your server. If it does not match, don't try installing the certificate.
Don't keep trying to install the certificate. Certbot can ban you if you have too many failed attempts.
Fail to renew
When running a renewal command you can get a "file does not exist" error because some other file is missing.
sudo certbot delete --cert-name mysite.com
Sometimes when manually renewing SSL certificates you get this error, which relates to other obsolete certificates. You can fix this by manually removing the old certificates.
AH00112: Warning: DocumentRoot [/var/www/example.site/web/] does not exist
AH00526: Syntax error on line 16 of /etc/apache2/sites-enabled/example.site-le-ssl.conf:
SSLCertificateFile: file '/etc/letsencrypt/live/example.site/fullchain.pem' does not exist or is empty
Remove the old certs
sudo rm /etc/apache2/sites-enabled/example.site-le-ssl.conf
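To see which vhost files are affected before removing anything, the check below scans an Apache sites-enabled directory and reports every SSLCertificateFile or SSLCertificateKeyFile that points at a missing or empty file, the condition behind the AH00526 error above. It is an added example, not part of the original post; the function name find_stale_vhosts and the script name check_vhosts.sh are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post).
# find_stale_vhosts [DIR]
#   Scans DIR/*.conf (default: /etc/apache2/sites-enabled) and prints
#   "<config file>: <certificate path>" for every SSLCertificateFile or
#   SSLCertificateKeyFile directive whose target is missing or empty.
#   Exit status 0 = at least one stale reference found, 1 = none found.
find_stale_vhosts() (
    dir="${1:-/etc/apache2/sites-enabled}"
    found=1
    for conf in "$dir"/*.conf; do
        # Skip an unmatched glob and dangling symlinks.
        [ -f "$conf" ] || continue
        # "|| [ -n ... ]" also handles a last line without a newline.
        while read -r directive path || [ -n "$directive" ]; do
            # Apache directive names are case-insensitive.
            key=$(printf '%s' "$directive" | tr 'A-Z' 'a-z')
            case "$key" in
                sslcertificatefile|sslcertificatekeyfile) ;;
                *) continue ;;   # other directives and commented-out lines
            esac
            # Strip optional double quotes around the path.
            path=${path#\"}
            path=${path%\"}
            # -s is false when the file does not exist or is empty,
            # which is exactly what Apache complains about.
            if [ ! -s "$path" ]; then
                printf '%s: %s\n' "$conf" "$path"
                found=0
            fi
        done < "$conf"
    done
    [ "$found" -eq 0 ]
)

# Run as: sh check_vhosts.sh /etc/apache2/sites-enabled
if [ "$#" -gt 0 ]; then
    find_stale_vhosts "$1" || echo "no stale certificate references in $1"
fi
```

Only the files it lists need to be removed or regenerated; vhosts whose certificate files still exist are left alone.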