Certbot SSL
Every website needs an SSL certificate so that the website can load securely without warnings over https
rather then http
.
As I’m running my sites on Digitalocean barebones VPS with Apache, the process of installing a free ssl certificate for all my websites is quick, easy and fun! 😉
Install an SSL certificate using certbot
Prerequisites
You will need Sudo user access to your webserver so that you have adequate permissions to install the certbot software and also the SSL certificate.
- sudo user access to server
- certbot installed
After ssh into your server and with certbot already installed you can run the following commands
List installed certificates
This command is optional. I just like to start out running a safe command to list al the currently installed ssl certificates. If there is some problem with certbot then we will probably know about it with this command. And obviously it will list all certificates already installed on the server.
1
certbot certificates
The above command will tell you if certbot is installed and what certificates are already installed.
Checklist before installing the certificate
Before running the install command there is some things you MUST do for a successful install.
- Your domain must be added to the server through the control panel
- You have updated your virtual host file
- Your dns is configured to point to the server you are about to install the certificate for.
Install an SSL certificate on Apache for your domain name
1
sudo certbot --apache -d example.com
Install an ssl certificate on nginx for your domain name
The command for installing an ssl certificate for nginx is slightly different to the Apache install command.
1
sudo certbot --nginx -d example.com
Deleting a certificate
It can be handy to delete certificates if they are not required or not working correctly. Sometimes it’s best to start over by deleting the certificate and the reinstalling.
1
sudo certbot delete --cert-name example.com
Troubleshooting
If the certificate fails to install. Your domain might not be delegated correctly. Try ping your domain name from your terminal to see if you get a correct ip address response. The correct ip address should be the ip address of your web server. If the ip address is incorrect then the domain name is pointing to the wrong server and the ssl will not install.
1
ping example.com
Ensure the ipaddress in the response matches the ipaddress of your server. If it does not match, dont try installing the certificate.
Dont keep trying to install the certificate. Certbot can ban you if you have too many failed attempts.
Comments powered by Disqus.