by Michael Hampicke
Obtaining an SSL Certificate with Certbot from Let's Encrypt
How to Obtain an SSL Certificate from Let's Encrypt Using Certbot with the Webroot Parameter for the Domain example.com
An SSL certificate from Let's Encrypt provides secure, encrypted communication between your website and its visitors. Certbot is a popular tool that simplifies the process of obtaining and renewing these certificates. In this guide, we'll walk you through the steps to obtain an SSL certificate for the domain example.com using Certbot with the webroot parameter.
Prerequisites:
- A domain name (e.g., example.com) pointed to the server where you want to install the SSL certificate.
- A web server (e.g., Apache or Nginx) installed and configured on your server. In this guide we will use Apache.
- Certbot installed on your server.
Step 1: Install Certbot
If you haven't already, install Certbot on your server. The method may vary depending on your operating system and web server. You can find specific instructions on the Certbot website: https://certbot.eff.org/.
On Debian-based systems, just run this command:
apt install certbot
Step 2: Verify the DocumentRoot
Make sure you know the DocumentRoot of your domain. In this case, the DocumentRoot is /var/www/example.com/htdocs.
Step 3: Obtain the SSL Certificate
Open a terminal or command prompt and run the following command:
certbot certonly --webroot -w /var/www/example.com/htdocs -d example.com -d www.example.com
Explanation:
- certonly: Requests a new certificate but doesn't install it.
- --webroot: Use the webroot plugin for authentication.
- -w /var/www/example.com/htdocs: Specifies the webroot directory.
- -d example.com -d www.example.com: Specifies the domain names you want to secure. You can add more domain names here.
Certbot will contact Let's Encrypt, perform the necessary challenges, and obtain the SSL certificate.
Step 4: Certificate Location
Upon successful completion, the SSL certificate and private key will be stored on your server. The location is typically something like:
- Certificate: /etc/letsencrypt/live/example.com/fullchain.pem
- Private Key: /etc/letsencrypt/live/example.com/privkey.pem
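A check to run on these two files before pointing Apache at them, as an added example that is not part of the original guide: it confirms that the private key matches the certificate, that every requested name is covered, that the certificate is not close to expiry, and that the key is not readable by other users. The function name check_cert_pair and the MIN_DAYS variable (default 30) are assumptions of this example, and the -ext option needs OpenSSL 1.1.1 or newer.

```shell
#!/bin/sh
# Added example (not from the original guide).
# Usage: check_cert_pair FULLCHAIN PRIVKEY DOMAIN...
#   check_cert_pair /etc/letsencrypt/live/example.com/fullchain.pem \
#                   /etc/letsencrypt/live/example.com/privkey.pem \
#                   example.com www.example.com
# MIN_DAYS (assumed default: 30) is the minimum remaining validity accepted.
check_cert_pair() {
    cert=$1; key=$2; shift 2
    rc=0

    # 1. The private key must belong to the leaf certificate (the first
    #    certificate in fullchain.pem): compare the two public keys.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
        { echo "FAIL: cannot read certificate $cert" >&2; return 2; }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) ||
        { echo "FAIL: cannot read private key $key" >&2; return 2; }
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: private key does not match the certificate" >&2
        rc=1
    fi

    # 2. Every name passed with -d must appear in the subjectAltName list.
    sans=$(openssl x509 -in "$cert" -noout -ext subjectAltName 2>/dev/null |
           tr ',' '\n' | sed -n 's/^ *DNS://p')
    for d in "$@"; do
        printf '%s\n' "$sans" | grep -Fxq "$d" ||
            { echo "FAIL: $d is not covered by the certificate" >&2; rc=1; }
    done

    # 3. The certificate must stay valid for at least MIN_DAYS more days.
    openssl x509 -in "$cert" -noout \
            -checkend $(( ${MIN_DAYS:-30} * 86400 )) >/dev/null ||
        { echo "FAIL: certificate expires within ${MIN_DAYS:-30} days" >&2; rc=1; }

    # 4. The key must not be accessible to group or others. -L follows the
    #    symlink in live/ to the real file.
    perms=$(ls -lL "$key" | cut -c5-10)
    [ "$perms" = "------" ] ||
        { echo "FAIL: $key is accessible to group/others" >&2; rc=1; }

    return $rc
}
```

The function returns 0 when all four checks pass, 1 when any check fails, and 2 when a file cannot be parsed at all.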
Step 5: Configure Your Web Server
Update your web server configuration to use the obtained SSL certificate. The exact steps depend on your web server software. Below is an example for Apache:
<VirtualHost *:443>
    ServerName example.com
    DocumentRoot /var/www/example.com/htdocs
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
    # Additional SSL configurations go here...
    # Rest of your configuration...
</VirtualHost>
Now it's time to restart your web server and test if everything works.
# check apache configuration for errors
apachectl -t
# restart if syntax is OK
systemctl restart apache2
To perform a deep analysis of the configuration of any SSL web server on the public Internet you can use: https://www.ssllabs.com/ssltest/