In this article, we will walk you through the step-by-step process of creating SSL certificates for an example domain (including the www subdomain), optionally creating a wildcard certificate, and switching all server traffic to HTTPS. Let's get started!
Step 1: Preparations
Before we begin, make sure you have an Ubuntu server with Certbot installed. You can install Certbot if it is not already installed using the following command:
sudo apt-get update
sudo apt-get install certbot python3-certbot-apache
Step 2: Generate an SSL certificate for your domain
To generate an SSL certificate for your domain, run the following command, replacing deinedomain.com with your actual domain:
sudo certbot --apache -d deinedomain.com -d www.deinedomain.com
Certbot will now guide you through a configuration process to create the SSL certificates and integrate them into your Apache server. You will be asked for contact information to inform you about expiration or problems with the certificate.
Step 3: Add a wildcard certificate (optional)
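If you want to create a wildcard certificate for your domain to cover subdomains, you can use the following command. Replace deinedomain.com with your actual domain:
sudo certbot certonly --manual --preferred-challenges dns --server https://acme-v02.api.letsencrypt.org/directory -d deinedomain.com -d '*.deinedomain.com'
This command creates a wildcard certificate for your domain and its subdomains. Let's Encrypt issues wildcard certificates only after DNS validation, so Certbot will ask you to create a TXT record for the domain before it continues. The wildcard name is quoted so that the shell does not expand the asterisk. A certificate obtained in manual mode is not renewed by the automatic timer from Step 5 unless you configure a DNS plugin or an authentication hook.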
Step 4: Force the use of HTTPS
To force all server traffic over HTTPS, open the Apache configuration file for your domain:
sudo nano /etc/apache2/sites-available/deinedomain.com.conf
Add the following lines to the configuration file, replacing deine-domain.de with your domain. The Redirect line belongs just before the closing </VirtualHost> tag of the port 80 block:
<VirtualHost *:80>
    ServerName deine-domain.de
    ServerAlias www.deine-domain.de
    Redirect permanent / https://deine-domain.de/
</VirtualHost>
<VirtualHost *:443>
    ServerName deine-domain.de
    ServerAlias www.deine-domain.de
    # Remaining HTTPS configuration here
</VirtualHost>
Save and close the file. Then activate the changed configuration and reload the Apache server:
sudo a2ensite deinedomain.com
sudo systemctl reload apache2
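To check that the redirect from Step 4 covers every plain-HTTP virtual host in a site file, the following added example (not part of the original article) lists each port 80 block that has no permanent redirect to https://. The function names audit_http_redirect and sample_config and the host shop.deine-domain.de are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): list every port-80
# VirtualHost that lacks a permanent redirect to https://.
# Only Redirect/RedirectMatch are recognised; a vhost that redirects via
# mod_rewrite is reported too and needs a manual look.
audit_http_redirect() {
    awk '
        BEGIN { bad = 0 }
        { line = $0; sub(/^[ \t]+/, "", line); low = tolower(line) }
        low ~ /^#/ { next }                              # skip comments
        low ~ /^<virtualhost[ \t]+[^>]*:80>/ {           # port-80 block opens
            in80 = 1; ok = 0; name = "(no ServerName)"; next
        }
        in80 && low ~ /^servername[ \t]/ { split(line, f); name = f[2] }
        in80 && low ~ /^redirect(match)?[ \t]+(permanent|301)[ \t]+.*https:\/\// { ok = 1 }
        in80 && low ~ /^<\/virtualhost>/ {               # block closes
            if (!ok) { print name; bad = 1 }
            in80 = 0
        }
        END { exit bad }
    ' "$@"
}

# Constructed sample: the article's vhosts plus a hypothetical shop vhost
# that still serves plain HTTP.
sample_config() {
    cat <<'EOF'
<VirtualHost *:80>
    ServerName deine-domain.de
    ServerAlias www.deine-domain.de
    Redirect permanent / https://deine-domain.de/
</VirtualHost>
<VirtualHost *:80>
    ServerName shop.deine-domain.de
    DocumentRoot /var/www/shop
</VirtualHost>
<VirtualHost *:443>
    ServerName deine-domain.de
</VirtualHost>
EOF
}

if missing=$(sample_config | audit_http_redirect); then
    echo "every port-80 vhost redirects to HTTPS"
else
    echo "no HTTPS redirect in: $missing"
fi
```

The function also accepts a file path, for example audit_http_redirect /etc/apache2/sites-available/deinedomain.com.conf, and returns a non-zero status when any port 80 block is reported.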
Step 5: Automate certificate renewal
Let's Encrypt certificates are only valid for 90 days, so it's important to automate renewal. This is already configured during Certbot installation, but you can verify it by running the following command:
sudo systemctl status certbot.timer
Make sure the timer is activated and working properly.
Conclusion
Congratulations! You have successfully created free Let's Encrypt SSL certificates for your domain and optionally a wildcard certificate and switched all server traffic to HTTPS. Traffic to your website is now encrypted.
If you have any further questions or problems, do not hesitate to contact us. We will be happy to help you. Thank you for reading this article, and good luck with your secure web server!