Install SSL Certificate(s) Using Let's Encrypt (certbot)

certbot is a program for installing, updating and removing SSL certificates provided by Let's Encrypt. Let's Encrypt is a non-profit organization that provides free SSL certificates.

This tutorial assumes you are using an Apache web server.

Checklist

  1. An SSL certificate cannot be granted to a site that has not been properly configured and enabled. (Apache server errors will prevent Certbot from working.)
  2. Certbot requires a "fully qualified" and accessible domain name (e.g. example.com) or sub-domain name (e.g. blog.example.com). You cannot use a machine name (e.g. localhost) or an IP address.
  3. You cannot create a certificate for a domain name that doesn't point to your server. If you have recently made any DNS changes to your domain name(s), make sure that your domain name(s) actually point to your server.

Install Certbot

apt install certbot python-certbot-apache

certbot -- A program for managing SSL certificates provided by Let's Encrypt.

python-certbot-apache -- A program needed to make "certbot" compatible with your Apache web server.

Install SSL Certificate(s)

Syntax

certbot --apache -d example.com

--apache -- A flag that tells certbot to look for an Apache web server.

-d -- The domain flag is followed by the domain name that will be receiving an SSL certificate. Repeat the flag for each additional domain name.

Note: You can create certificates for additional domain names whenever you want.

Example #1 (Single Domain Name)

certbot --apache -d example.com

Example #2 (Multiple Domain Names)

certbot --apache -d example.com -d blog.example.com -d mystore.com

Answer The Questions

You will be prompted to answer a few questions. No personal information is mandatory.

Redirect

You will be asked if you want to automatically redirect your domain name. If your domain name is example.com, typing example.com (or http://example.com) into a web browser's address bar will redirect the user to https://example.com.

Once you have enabled redirection, make sure to update the URL settings for server-side software (e.g. WordPress) to use URLs with the "https" protocol.

A Word of Advice

When a bunch of domain names are used in a single command, all of those domain names share a single certificate. I recommend creating separate certificates for each domain name, which means running certbot with only one domain listed, then running it again for the next name, and so on. Why? Because it's easier to make changes when each domain has its own certificate.

If, for some reason, you want to remove or re-install a domain name that's using a shared certificate, things can get messy very quickly.
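
Checklist items 2 and 3 and the one-certificate-per-domain advice can be checked before any certificate is requested. The script below is an added example, not part of the original tutorial: the function names, the RESOLVER override and the demo addresses are assumptions made for illustration, and it only prints the certbot commands rather than running them.

```shell
#!/bin/sh
# Added example: pre-flight checks for checklist items 2 and 3, then one
# certbot command per domain. Function names here are illustrative.

# Item 2: accept multi-label DNS names only; reject IP addresses, machine
# names such as "localhost", and anything with characters outside [A-Za-z0-9.-].
is_fqdn() {
    case "$1" in *[!A-Za-z0-9.-]*) return 1 ;; esac
    [ "${#1}" -le 253 ] || return 1
    printf '%s\n' "$1" | grep -Eq \
      '^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$'
}

# Default lookup via glibc getent (also honours /etc/hosts, so treat it as a
# local sanity check). Set RESOLVER to another command to override it.
resolve_ipv4() { getent ahostsv4 "$1" | awk '{print $1}' | sort -u; }

# Item 3: succeed only if NAME resolves to SERVER_IP.
points_here() {  # usage: points_here NAME SERVER_IP
    ${RESOLVER:-resolve_ipv4} "$1" | grep -Fxq "$2"
}

# Print one "certbot --apache -d NAME" line per name that passes both checks,
# so every domain gets its own certificate. Nothing is executed.
plan_certs() {  # usage: plan_certs SERVER_IP NAME...
    server_ip=$1; shift
    for name in "$@"; do
        if ! is_fqdn "$name"; then
            printf '# skip %s: not a fully qualified domain name\n' "$name"
        elif ! points_here "$name" "$server_ip"; then
            printf '# skip %s: does not resolve to %s\n' "$name" "$server_ip"
        else
            printf 'certbot --apache -d %s\n' "$name"
        fi
    done
}

# Constructed demo so the script runs offline: a stub resolver and
# documentation-range addresses stand in for real DNS and a real server.
demo_resolver() {
    case "$1" in
        example.com|blog.example.com) echo 203.0.113.10 ;;
        mystore.com) echo 198.51.100.7 ;;
    esac
}
RESOLVER=demo_resolver
plan_certs 203.0.113.10 example.com blog.example.com mystore.com localhost 10.0.0.5
```

To check real names, drop the RESOLVER=demo_resolver line and pass your server's public IPv4 address as the first argument.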