Install a Let's Encrypt SSL (Apache)

You can add a Let's Encrypt SSL certificate to any website hosted on your server. You can get more information about Let's Encrypt and their SSL certificates on their website.

You must renew Let's Encrypt SSL certificates every 90 days, otherwise the certificate will expire and your website will generate errors.

Prerequisites

This article assumes a few things:

  • Your domain is pointed to your server
  • You have Git installed
  • You have Apache installed as your web server

Install the Let's Encrypt application

  1. Connect to your server via SSH.
  2. Clone the Let's Encrypt program from Git:
    sudo git clone https://github.com/letsencrypt/letsencrypt
  3. Move into the letsencrypt directory:
    cd letsencrypt
  4. Install the help files from Let's Encrypt:
    ./letsencrypt-auto --help

Install and configure your SSL

  1. Run the Let's Encrypt application to obtain a certificate for your domain name:
    ./letsencrypt-auto --apache -d your domain name
  2. Enter your email address, and then press enter.
  3. Select Agree and press enter.
  4. Select how you want to configure non-HTTPS traffic (we recommend selecting Secure) and press enter.
  5. Press enter.

Agree to the Let's Encrypt Subscriber Agreement

Let's Encrypt requires you to manually set the flag indicating you have read their Subscriber Agreement. If you skip this step, you will not be able to renew your certificate.

  1. Agree to the Let's Encrypt Subscriber Agreement:
    ./letsencrypt-auto --agree-tos
  2. Complete the menu options that display.

Test your configuration

Test your SSL certificate configuration at https://www.ssllabs.com/ssltest/analyze.html?d=your domain name

Renew your Let's Encrypt certificate

You must renew your certificate 60-90 days after you create it.

  1. Renew your certificate:
    ./letsencrypt-auto renew
  2. Complete the menu options that display.

If you'd like, instead of renewing the certificate manually every 2-3 months, you can write a script that does it for you. Let's Encrypt has some guidance on how to do that in the Writing your own renewal script section of their Getting Started guide.


Was This Article Helpful?
Thank You For Your Feedback
Glad we helped! Anything more we can do for you?
Sorry about that. How can we be more helpful?