Serverspace is Launching a New Flexible Plan for Everyone

How to Get Let's Encrypt SSL on Ubuntu 20.04

Joe Harris
September 20, 2020

SSL/TLS encryption is an integral part of the network infrastructure. Any web and mail server allows you to enable data encryption. In this article, we will look at the process of obtaining a free SSL certificate Let’s Encrypt.

As initial conditions, you must have a domain name. Its DNS A-record must contain the public address of your server. If the firewall is enabled, open access for HTTP and HTTPS traffic.

sudo ufw allow 80
sudo ufw allow 443

Step 1 – Installing the «Let’s Encrypt» package

The process of installing the «Let’s Encrypt» package with all its dependencies is extremely simple. To do this, enter the command:

sudo apt install letsencrypt

Along with the «Let’s Encrypt» package, this command also installs the «certbot.timer» utility for automatic certificate renewal. It checks the validity of SSL certificates in the system twice a day and extends those that expire in the next 30 days. To make sure that it is running, enter:

sudo systemctl status certbot.timer
There are different configurations and conditions for obtaining a certificate. Let’s look at some of them.

Step 2 – Standalone server for getting the «Let’s Encrypt» SSL certificate

The easiest way to get an ssl certificate is to use a standalone option in Certbot. Replace with your domain name, run the command, and follow the instructions:

sudo certbot certonly --standalone --agree-tos --preferred-challenges http -d

The certonly option means that the certificate will only be obtained without installation on any web server, standalone allows you to start your own web server for authentication, agree-tos means acceptance of the ACME server subscription agreement, which is a prerequisite, and preferred-challenges http means performing authorization using HTTP.

Step 3 – Automatic installation of the SSL certificate on nginx and Apache web servers

Certbot can automatically install the certificate on nginx and Apache web servers. To do this, you need to install an additional package and choose the appropriate one for your web server.

apt install python3-certbot-nginx
apt install python3-certbot-apache

Run this command for nginx:

sudo certbot --nginx --agree-tos --preferred-challenges http -d

Or this for Apache:

sudo certbot --apache --agree-tos --preferred-challenges http -d

Follow the instructions and Certbot will install an SSL certificate for you.

Step 4 – «Let’s Encrypt» Wildcard SSL certificate

To create a wildcard certificate, the only possible challenge method is DNS. In the d parameter, you must specify both the bare domain and wildcard.

sudo certbot certonly --manual --agree-tos --preferred-challenges dns -d -d *

After that, place the specified TXT record on your DNS server and click continue.

If everything is well, you will see the path where your new wildcard certificate is stored and some other information.

Start Your Cloud Journey Migration made simplified. Take the first step right now.
We use cookies to provide our services and for analytics and marketing. To find out more about our use of cookies, please see our Privacy Policy. By continuing to browse our website, you agree to our use of cookies.