by Michael Hampicke

Web servers

Obtaining an SSL Certificate with Certbot from Let's Encrypt

How to Obtain an SSL Certificate from Let's Encrypt Using Certbot with the Webroot Parameter for the Domain example.com

An SSL certificate from Let's Encrypt provides secure, encrypted communication between your website and its visitors. Certbot is a popular tool that simplifies the process of obtaining and renewing these certificates. In this guide, we'll walk you through the steps to obtain an SSL certificate for the domain example.com using Certbot with the webroot parameter.

Prerequisites:

  1. A domain name (e.g., example.com) pointed to the server where you want to install the SSL certificate.
  2. A web server (e.g., Apache or Nginx) installed and configured on your server. In this guide we will use Apache.
  3. Certbot installed on your server.

Step 1: Install Certbot

If you haven't already, install Certbot on your server. The method may vary depending on your operating system and web server. You can find specific instructions on the Certbot website: https://certbot.eff.org/.

On Debian-bases system just run this command:

apt install certbot

Step 2: Verify the DocumentRoot

Make sure you know the DocumentRoot of your domain. In this case, the DocumentRoot is /var/www/example.com/htdocs.

Step 3: Obtain the SSL Certificate

Open a terminal or command prompt and run the following command:

certbot certonly --webroot -w /var/www/example.com/htdocs -d example.com -d www.example.com

Explanation:

  • certonly: Requests a new certificate but doesn't install it.
  • --webroot: Use the webroot plugin for authentication.
  • -w /var/www/example.com/htdocs: Specifies the webroot directory.
  • -d example.com -d www.example.com: Specifies the domain names you want to secure. You can add more domains names here.

Certbot will contact Let's Encrypt, perform the necessary challenges, and obtain the SSL certificate.

Step 4: Certificate Location

Upon successful completion, the SSL certificate and private key will be stored on your server. The location is typically something like:

  • Certificate: /etc/letsencrypt/live/example.com/fullchain.pem
  • Private Key: /etc/letsencrypt/live/example.com/privkey.pem

Step 5: Configure Your Web Server

Update your web server configuration to use the obtained SSL certificate. The exact steps depend on your web server software. Below is an example for Apache:

<VirtualHost *:443>
    ServerName example.com
    DocumentRoot /var/www/example.com/htdocs

    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem

    # Additional SSL configurations go here...

    # Rest of your configuration...
</VirtualHost>

Now it's time to restart your web server and test if everything works.

# check apache configuration for errors
apachectl -t

# restart if syntax is OK
systemctl restart apache2

To perform a deep analysis of the configuration of any SSL web server on the public Internet you can use: https://www.ssllabs.com/ssltest/

Comments

Add a comment

Please calculate 3 plus 3.