SSL/TLS encryption has become indispensable in today's network infrastructure, serving as a crucial element to ensure the security of communication on web and email servers. This article will provide a detailed explanation of the process to obtain a free SSL certificate from Let's Encrypt on Ubuntu 20.04.
Prerequisites for Obtaining an SSL Certificate
Before starting the certification process, it is essential to have a registered domain name and to ensure that the A record in DNS is pointing to the public address of the server. If a firewall is enabled, it is necessary to allow HTTP and HTTPS traffic with the following commands:
sudo ufw allow 80
sudo ufw allow 443
Step 1: Installation of the Let's Encrypt Package
The installation of the Let's Encrypt package and its dependencies is a fairly straightforward procedure. To carry it out, the following command should be used:
sudo apt install letsencrypt
This command not only installs the Let's Encrypt package but also sets up certbot.timer, a systemd timer that handles the automatic renewal of certificates. It checks the validity of SSL certificates on the system twice a day and renews those that will expire in the next 30 days. To verify that certbot.timer is running correctly, the following can be used:
sudo systemctl status certbot.timer
Next, different configurations and conditions for obtaining a certificate will be described.
Step 2: Obtaining the SSL Certificate Using a Standalone Server
The most direct way to obtain an SSL certificate is through the standalone option in Certbot. In this step, you should replace domain-name.com with the corresponding domain name and run the following command, following the instructions that appear:
sudo certbot certonly --standalone --agree-tos --preferred-challenges http -d domain-name.com
The certonly subcommand obtains the certificate without installing it on any web server, and the --standalone option makes Certbot spin up a temporary web server for authentication, so no other service may be listening on port 80 while the command runs. The --agree-tos option accepts the Let's Encrypt terms of service, which is mandatory, and --preferred-challenges http indicates that HTTP will be used for verification.
Step 3: Automatic SSL Certificate Installation on Nginx and Apache Web Servers
Certbot can automatically install the certificate on web servers like Nginx and Apache. To do this, it is necessary to install an additional package depending on the server used.
For Nginx:
sudo apt install python3-certbot-nginx
For Apache:
sudo apt install python3-certbot-apache
For Nginx, the following command should be executed:
sudo certbot --nginx --agree-tos --preferred-challenges http -d domain-name.com
If using Apache, the corresponding command is:
sudo certbot --apache --agree-tos --preferred-challenges http -d domain-name.com
After executing one of these commands, Certbot will guide you through the SSL certificate installation process.
Step 4: Creating a Wildcard SSL Certificate with Let's Encrypt
For the creation of a wildcard certificate, the only available challenge method is DNS. In this case, you should specify the main domain and the wildcard (e.g., domain-name.com and *.domain-name.com) in the -d parameter of the following command. The wildcard name is quoted so that the shell passes it to Certbot unchanged instead of trying to expand the asterisk:
sudo certbot certonly --manual --agree-tos --preferred-challenges dns -d domain-name.com -d '*.domain-name.com'
Once the command is executed, Certbot displays a TXT record that must be added in the DNS server before the process is continued. If everything has been done correctly, the path where the new wildcard certificate is stored will be displayed, along with additional information.
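The script below is an added example, not part of the original article. It checks an issued certificate against two points made above: the 30-day renewal window from Step 1 and the two names requested in Step 4. The function names are hypothetical and the sample certificate is a constructed self-signed one; on a real server, pass the certificate path that Certbot displays.

```sh
#!/bin/sh
# Added example, not from the original article: checks on an issued certificate.

# Succeeds if the certificate in file $1 is still valid $2 days from now.
# The default of 30 matches the renewal window described for certbot.timer.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( ${2:-30} * 86400 ))" >/dev/null
}

# Prints the DNS names from the certificate's subjectAltName, one per line.
cert_dns_names() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# Succeeds if hostname $2 matches a name in certificate $1. A wildcard name
# covers exactly one extra label, so it does not cover the bare domain itself.
cert_covers() {
    names=$(cert_dns_names "$1")
    while read -r name; do
        [ "$name" = "$2" ] && return 0
        case $name in
            '*.'*) [ "${2#*.}" = "${name#??}" ] && return 0 ;;
        esac
    done <<EOF
$names
EOF
    return 1
}

# Constructed sample input: self-signed certificate at path $1, valid $2 days.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" \
        -keyout "$1.key" -out "$1" -subj "/CN=domain-name.com" \
        -addext "subjectAltName=DNS:domain-name.com,DNS:*.domain-name.com" \
        2>/dev/null
}

# Usage: sh check_cert.sh <certificate.pem> <hostname>...
if [ "$#" -ge 2 ]; then
    pem=$1; shift
    cert_valid_for_days "$pem" 30 || echo "WARN: $pem expires within 30 days"
    for host in "$@"; do
        cert_covers "$pem" "$host" || echo "WARN: $pem does not cover $host"
    done
fi
```

Run from monitoring, a warning from the expiry check means a renewal did not happen inside the 30-day window.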
By following these steps, a free SSL certificate from Let's Encrypt can be effectively obtained and installed on Ubuntu 20.04, which represents a significant advancement in server security and user trust.