Website security is generally most complicated and expensive task for every Linux admin. Let's Encrypt is a free, automated, and open certificate authority that provides free X.509 certificates for Transport Layer Security encryption via an automated process. It's very complex process to install and add SSL certificate to a web server.
Let's make it easier with the help of Let's Encrypt. One can easily encrypt data of your website free of charge using Let's Encrypt.
If your Site is running on Apache, run this below one to enable ssl..
sudo a2enmode sslsudo a2ensite default-sslNext restart the apache webserver
sudo systemctl restart apache2If you hit your domain, you will see
Your Connection is not Secured
Download and Install Let's Encrypt
sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencryptNext generate the Certificate
cd /opt/letsencryptsudo ./letsencrypt-auto --apache -d http://kkk.comDuring installation you will need to specify your E-mail address and also agree to the terms of service.
Once completed, One can see list all of certificate files at /etc/letsencrypt/live directory..
And you can access https://kkk.com
You can also verify the status of your SSL certificate by visiting the URL https://www.ssllabs.com/ssltest/analyze.html?d=yourdomain.com&latest
How to Renew Lets Encrypt Certificates ??
By default, SSL certificates issued by Let's Encrypt are valid for 90 days. So it is recommended to renew the certificate before the expiration date.
You can renew the SSL certificates manually
cd /opt/letsencryptsudo ./letsencrypt-auto certonly --renew-by-default -d kkk.comto Automate this process, lets have the Cron job for this to do..
sudo nano /etc/crontab@monthly root /opt/letsencrypt/letsencrypt-auto certonly --renew-by-default -d kkk.com
Save this file and Every month, this cron job would run..
Upgrade Let's Encrypt
cd /opt/letsencryptPull the latest changes from the git repository..
Cheers :)
