Quickly Get LetsEncrypt Certificates for Apache2 on Ubuntu 17.04 /17.10

This brief tutorial shows students and new users how to quickly obtain LetEncrypt SSL/TLS certificates for your domain using Apache2 webserver on Ubuntu 17.04 | 17.10 systems. For those who don’t know, LetEncrypt is an opensource initiative to provide free SSL certificates to anyone with valid domains.

With LetEncrypt, you will never have to pay for another SSL/TLS certificate again. This post you’re ready today is encrypted via LetEncrypt and renewed every 60 days automatically.

So, if you’re running Ubuntu 17.04 | 17.10 with Apache2 installed, follow the steps below to get a free SSL/TLS certificates for your domains.

Step 1: Get Ubuntu / Apache2

This post assumes that you already have Ubuntu server with Apache2 webserver installed. If not, search this blog to find tutorials on installing Ubuntu and Apache2.

Or run the commands below to install Apache2

sudo apt-get install apache2

After installing Apache2, the commands below can be used to stop, start and enable Apache2 to always startup when the server boots.

sudo systemctl stop apache2.service
sudo systemctl start apache2.service
sudo systemctl enable apache2.service

Step 2: Installing LetEncrypt SSL/TLS Management Package

On Ubuntu systems, simply run the commands below to get LetEncrypt package. The package can then be used to obtain certificates for your domains.

sudo apt-get install python-certbot-apache

After running the commands above, your system should be ready to obtain certificates. But before you run the commands to obtain certificates, verify that the your domain name is setup in Apache2.

Step 3: Obtaining LetsEncrypt Certificates

To obtain LetEncrypt SSL/TLS certificates, run the commands to open Apache2 configuration file and add the domain names directives.

sudo nano /etc/apache2/sites-available/000-default.conf

Then verify that these lines are included

ServerName       example.com
ServerAlias      www.example.com

After verifying that information, run the commands below to obtain your certificates.

sudo certbot --apache -m admin@example.com -d example.com -d www.example.com

Replacing www.exmaple.com and example.com with your domain name.

When you run the commands above, you must accept the terms.. Type A to accept.

Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf. You must agree
in order to register with the ACME server at
(A)gree/(C)ancel: A

You may also want to share your email with the Electronic Frontier Foundation..

Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about EFF and
our work to encrypt the web, protect its users and defend digital rights.
(Y)es/(N)o: Y

Now all you do is sit back and relax.. LetsEncrypt will install and configure Apache2 with a valid SSL/TLS certificate. To correctly Apache2 up to handle all redirects to HTTPS, select option #2

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):2

This is how easy it is to setup LetEncrypt SSL/TLS for Apache2 on Ubuntu 17.04 | 17.10 systems.

 - Congratulations! Your certificate and chain have been saved at:
   Your key file has been saved at:
   Your cert will expire on 2018-02-24. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:
   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

To get setup a process to automatically renew the certificates, add a cron job to execute the renewal process.

sudo crontab -e

Then add the line below and save.

0 1 * * * /usr/bin/certbot renew & > /dev/null

The cron job will attempt to renew 30 days before expiring.


This post shows students and new users how to easily install and obtain LetEncrypt SSL certificates for Apache2 on Ubuntu system. After setting it up, you’ll never have to pay for certificates again.


You may also like the post below:

One Reply to “Quickly Get LetsEncrypt Certificates for Apache2 on Ubuntu 17.04 /17.10”

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.