Let’s Encrypt for Apache on Ubuntu (14.04 or above)

Last time we covered Purchase certificate from traditional CA.
Now with Let’s Encrypt, we can request free certificate, and install/renew them automagically.

Updated Aug 2018: Install from PPA is now required as version in Ubuntu repository no longer works

1. Install letsencrypt package with Apache plugin

2. Request certificate and install it automagically

3. Add auto-renew to crontab to run once every month

Certificates issues by Let’s Encrypt are valid for 90 days and open to renew 30 days before expire.

Let’s run renew command every-day

crontab -e, add the following line

Extra 1. If your are curious what changes applied to Apache config:

Extra 2. Test with SSLLabs, you should able to get an A grade:

Extra 3. Enable HSTS (If your application support HTTPS only):

With HSTS enabled, you should able to get A+ grade with SSLLabs

One Reply to “Let’s Encrypt for Apache on Ubuntu (14.04 or above)”

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.