SSL Certificates with Let's Encrypt (Quick Guide)

Install Let’s Encrypt’s Certbot Client

apt install certbot -y

Register your mail address for notifications about your certs

sudo certbot register --agree-tos --email <your-email-address>

Generate Certificates

  1. Create cli.ini

Enter your mail address used to register with certbot

/bin/cat <<EOM >$FILE
rsa-key-size = 4096
email = <your-email-address>
agree-tos = True
authenticator = webroot
post-hook = service apache2 reload
  1. Create

Replace the example with your domain name

/bin/cat <<EOM >$FILE
# export makes the variable available for all subprocesses


# Assumes that and are the domains
# that you want a certificate for
export DOMAINS="-d -d"

"$LE_PATH/$LE_CB" certonly --config /etc/letsencrypt/cli.ini "$DOMAINS" # --dry-run

chmod +x /etc/letsencrypt/cli.ini
  1. Generate your certificate.

Replace the string with your domain name

sudo /etc/letsencrypt/<your-domain-name>.sh

Now you shuld see similar output:

Congratulations! Your certificate and chain have been saved at:
    Your key file has been saved at:

  1. Write down the file paths and enter them in your default-ssl.conf located at

  2. Replace the strings in these lines with your newly obtained certificates so it looks like this:

SSLCertificateFile      /etc/letsencrypt/certs/fullchain.pem

SSLCertificateKeyFile /etc/letsencrypt/certs/privkey.pem
  1. Now Enable SSL for your Server
sudo a2enmod ssl
sudo a2ensite default-ssl
sudo service apache2 reload
  1. Redirect all unencrypted traffic to HTTPS

Enter this line (adjust for your domain name) in your 000-default.conf somewhere below this line
<VirtualHost *:80>

Redirect permanent /

Like this for example:

<VirtualHost *:80>

        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/owncloud
        Redirect permanent /

Restart your web server to apply the changes:

service apache2 restart

Now if you enter the domain name or the IP address of your server you should be redirected to the HTTPS site of your domain.