Let’s Encrypt for Apache on Ubuntu 16.04/14.04

Last time we covered Purchase certificate from traditional CA.
Now with Let’s Encrypt, we can request free certificate, and install/renew them automagically.


1. Install letsencrypt package with Apache plugin

2. Request certificate and install it automagically

3. Add auto-renew to crontab to run once every month

Certificates issues by Let’s Encrypt are valid for 90 days and open to renew 30 days before expire.

Let’s run renew command every-day

vim ~/letsencrypt-renew.sh

crontab -e, add the following line

chmod +x ~/letsencrypt-renew.sh

Little Explanation: The shell script wrapper set environment path to avoid PATH related problem

1. Install letsencrypt package with Apache plugin

2. Request certificate and install it automagically

3. Add auto-renew to crontab to run once every month

Certificates issues by Let’s Encrypt are valid for 90 days and open to renew 30 days before expire.

Let’s run renew command every-day

vim ~/letsencrypt-renew.sh

crontab -e, add the following line

chmod +x ~/letsencrypt-renew.sh

Little Explanation: The shell script wrapper set environment path to avoid PATH related problem

Extra 1. If your are curious what changes applied to Apache config:

Extra 2. Test with SSLLabs, you should able to get an A grade:

Extra 3. Enable HSTS (If your application support HTTPS only):

With HSTS enabled, you should able to get A+ grade with SSLLabs

One Reply to “Let’s Encrypt for Apache on Ubuntu 16.04/14.04”

Leave a Reply

Your email address will not be published.