SSL Certificates with Let's Encrypt (Quick Guide)

Install Let’s Encrypt’s Certbot Client

apt install certbot -y

Register your email address for notifications about your certificates

sudo certbot register --agree-tos --email <your-email-address>

Generate Certificates

  1. Create cli.ini

Enter the email address you used to register with certbot

FILE="/etc/letsencrypt/cli.ini"
/bin/cat <<EOM >$FILE
rsa-key-size = 4096
email = <your-email-address>
agree-tos = True
authenticator = webroot
post-hook = service apache2 reload
EOM
  2. Create domain.sh

Replace the example with your domain name

FILE="/etc/letsencrypt/<your-domain-name>.sh"
# The quoted 'EOM' keeps $LE_PATH, $LE_CB and $DOMAINS literal in the generated script
/bin/cat <<'EOM' >"$FILE"
#!/bin/bash
# export makes the variable available for all subprocesses

LE_PATH="/usr/bin"
LE_CB="certbot"

# Assumes that example.com and www.example.com are the domains
# that you want a certificate for
export DOMAINS="-d example.com -d www.example.com"

# $DOMAINS is left unquoted on purpose so it splits into separate -d arguments
"$LE_PATH/$LE_CB" certonly --config /etc/letsencrypt/cli.ini $DOMAINS # --dry-run
EOM

chmod +x "$FILE"
  3. Generate your certificate.

Replace the string with your domain name

sudo /etc/letsencrypt/<your-domain-name>.sh

You should now see output similar to this:

Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/your-domain-name.com/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/your-domain-name.com/privkey.pem

  4. Write down the file paths and enter them in your default-ssl.conf located at
    /etc/apache2/sites-available/default-ssl.conf

  5. Replace the strings in these lines with your newly obtained certificates so it looks like this:

SSLCertificateFile      /etc/letsencrypt/live/your-domain-name.com/fullchain.pem

SSLCertificateKeyFile   /etc/letsencrypt/live/your-domain-name.com/privkey.pem
  6. Now enable SSL for your server
sudo a2enmod ssl
sudo a2ensite default-ssl
sudo service apache2 reload
  7. Redirect all unencrypted traffic to HTTPS

Enter this line (adjust for your domain name) in your 000-default.conf somewhere below this line
<VirtualHost *:80>

Redirect permanent / https://example.com/

Like this for example:

<VirtualHost *:80>

        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/owncloud
        Redirect permanent / https://my.awesome.website.com/
</VirtualHost>

Restart your web server to apply the changes:

service apache2 restart

Now if you enter the domain name or the IP address of your server you should be redirected to the HTTPS site of your domain.
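
A post-issuance check for the files certbot saved in step 3, as an added example that is not part of the original guide: it confirms that the certificate lists every requested domain, is not close to expiry, matches the private key, and that the key is not readable by group or others. The function names and the 30-day threshold are assumptions of this example; it needs OpenSSL 1.1.1 or newer and GNU stat.

```bash
#!/bin/bash
# Added example: post-issuance checks for the files certbot saved under
# /etc/letsencrypt/live/<domain>/ (fullchain.pem and privkey.pem).
# Function names and the 30-day threshold are assumptions of this example.

# Print the DNS names in the certificate's subjectAltName, one per line.
cert_sans() {
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
        tr ',' '\n' | sed -n 's/^[[:space:]]*DNS://p'
}

# check_cert DIR DOMAIN... -> 0 if every check passes, 1 otherwise.
check_cert() {
    local dir=$1 cert=$1/fullchain.pem key=$1/privkey.pem rc=0 d mode
    shift
    [ -r "$cert" ] && [ -r "$key" ] || { echo "FAIL: missing $cert or $key"; return 1; }

    # 1. Every requested name must appear as a SAN (exact match, no wildcard logic).
    for d in "$@"; do
        cert_sans "$cert" | grep -Fxq -- "$d" || { echo "FAIL: $d not in SAN list"; rc=1; }
    done

    # 2. The certificate must stay valid for at least 30 more days.
    openssl x509 -in "$cert" -noout -checkend $((30 * 86400)) >/dev/null ||
        { echo "FAIL: expires within 30 days"; rc=1; }

    # 3. The private key must belong to this certificate (same public key).
    [ "$(openssl x509 -in "$cert" -noout -pubkey | openssl sha256)" = \
      "$(openssl pkey -in "$key" -pubout | openssl sha256)" ] ||
        { echo "FAIL: privkey.pem does not match fullchain.pem"; rc=1; }

    # 4. The key must not be readable by group or others (-L follows certbot's symlink).
    mode=$(stat -Lc '%a' "$key")
    case $mode in *00) ;; *) echo "FAIL: $key has mode $mode"; rc=1 ;; esac

    [ "$rc" -eq 0 ] && echo "OK: $dir"
    return "$rc"
}

# Usage after step 3, as root:
#   check_cert /etc/letsencrypt/live/example.com example.com www.example.com
```

Running it from cron or a monitoring job after each renewal catches a failed renewal before the certificate actually expires.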