Website security is generally most complicated and expensive task for every Linux admin. Let's Encrypt is a free, automated, and open certificate authority that provides free X.509 certificates for Transport Layer Security encryption via an automated process. It's very complex process to install and add SSL certificate to a web server.
Let's make it easier with the help of Let's Encrypt. One can easily encrypt data of your website free of charge using Let's Encrypt.
If your Site is running on Apache, run this below one to enable ssl..
sudo a2enmode ssl
sudo a2ensite default-ssl
Next restart the apache webserver
sudo systemctl restart apache2
If you hit your domain, you will see
Your Connection is not Secured
Download and Install Let's Encrypt
sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
Next generate the Certificate
cd /opt/letsencrypt
sudo ./letsencrypt-auto --apache -d http://kkk.com
During installation you will need to specify your E-mail address and also agree to the terms of service.
Once completed, One can see list all of certificate files at /etc/letsencrypt/live
directory..
And you can access https://kkk.com
You can also verify the status of your SSL certificate by visiting the URL https://www.ssllabs.com/ssltest/analyze.html?d=yourdomain.com&latest
How to Renew Lets Encrypt Certificates ??
By default, SSL certificates issued by Let's Encrypt are valid for 90 days. So it is recommended to renew the certificate before the expiration date.
You can renew the SSL certificates manually
cd /opt/letsencrypt
sudo ./letsencrypt-auto certonly --renew-by-default -d kkk.com
to Automate this process, lets have the Cron job for this to do..
sudo nano /etc/crontab
@monthly root /opt/letsencrypt/letsencrypt-auto certonly --renew-by-default -d kkk.com
Save this file and Every month, this cron job would run..
Upgrade Let's Encrypt
cd /opt/letsencrypt
Pull the latest changes from the git repository..
Cheers :)