This article will show you how to install CertBot on Ubuntu 20.04 to create free SSL Certificate for your domains.
How to Install Certbot on Ubuntu
What is CertBot?
Generally We would need some secured communication on HTTPS when traffic comes over the internet, that requires a digital SSL certificate. So browsers verifies the identity of any web servers. These Web servers get their SSL certificates from trusted third parties, they are called certificate authorities (CA). So Certbot is the best and easiest tool that will help us to get SSL certificates from Let's Encrypt and that can deployed to your web servers like nginx, apache, wordpress, self hosted cloud servers.
These SSL certificates cereted by Certbot will be expired in 90 days, hence we would need to renew these SSL certificates for every 90 days or we can automate these certificate renewal using any modern tools like ansible, scriptings, web hooks.
Install CertBot on Ubuntu
Its not necessary that you have to install these Certbot tool in the web server or the application where installed. We can install this Certbot in any server, but we have to create a file on the server's document root for the verification purpose. Once verification is done, certbot will give you the free SSL certificates that can be copied to your actual web servers.
So Let's see how to install Certbot on Ubuntu.
Use the apt-cache command to search and confirm you have the package called Certbot available on the server to install it.
selva@ubuntu20.04:~$ sudo apt-cache policy certbot
certbot:
Installed: (none)
Candidate: 0.40.0-1ubuntu0.1
Version table:
0.40.0-1ubuntu0.2 500
500 https://archive1.ubuntu.com/ubuntu focal-updates/universe amd64 Packages
500 http://archive1.ubuntu.com/ubuntu focal-updates/universe i386 Packages
0.40.0-2 500
500 https://archive1.ubuntu.com/ubuntu focal/universe amd64 Packages
500 https://archive1.ubuntu.com/ubuntu focal/universe i386 Packages
Above command output shows some versions available in the version table along with package details, so we can install certbot on Ubuntu.
use apt-get command to install certbot as below.
selva@ubuntu20.04:~$ sudo apt-get -y install certbot
Reading package lists… Done
Building dependency tree
Reading state information… Done
OUTPUT TRIMMED…….
Created symlink /etc/systemd/system/timers.target.wants/certbot.timer → /lib/systemd/system/certbot.timer.
Processing triggers for man-db (2.9.1-1) …
Verify the CertBot package is installed or not.
selva@ubuntu20.04:~$ sudo dpkg -l | grep -i certbot
ii certbot 0.40.0-1ubuntu0.2
ii python3-certbot 0.40.0-1ubuntu0.2
if you get the output as above, then the certbot package is installed successfully.
lets see how to create SSL certificate for our domains.
use the below certbot command for any specific domain, that will prompt you for basic informations about the domain name and will ask you to create a verification file. Just follow the instructions given in the command output.
selva@ubuntu20.04:~$ sudo certbot certonly --manual -d nginx1.learnitguide.net
Saving debug log to /var/log/letsencrypt/letsencrypts.log
Plugins selecteds: Authenticator manual, Installer None
Enter mail address (used for security notices and urgent renewal) (Enter 'c' to
cancel): mail@learnitguide.net
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms and Conditions, OUTPUT TRIMMED....
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A
Share your email address - OUTPUT TRIMMED...
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
Obtaining new SSL certificate
Perform following challenges:
http-01 challenge for nginx1.learnitguide.net
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NOTE: The IP of this machine will be publicly logged - OUTPUT TRIMMED..
Are you OK for your IP being logged?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Create a file containing just this data:
37PrGaP9wFR-TweYNfwEFUhLffw3fLBPCdhOBMUL8EU.acGYTQLAcZqzo6tATPgM2RF0JveHf0lHunXPH0rcrEA
And make it available on your web server at this URL:
http://nginx1.learnitguide.net/.well-known/acme-challenge/47PrGaP9wFR-TweYNfwEFUhLffw3fLBPCdhOBMUL8EU
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
At this point, Dont press enter. Go to the target server's document root and create a files with the content given in the above output. Lets say my document root on the web server is /var/www/html.
sudo mkdir -p /var/www/html/.well-known/acme-challenge/
sudo echo "37PrGaP9wFR-TweYNfwEFUhLffw3fLBPCdhOBMUL8EU.acGYTQLAcZqzo6tATPgM2RF0JveHf0lHunXPH0rcrEA" > 47PrGaP9wFR-TweYNfwEFUhLffw3fLBPCdhOBMUL8EU
Once this file is created, you can come back to the certbot command and hit enter to continue to proceed the verification.
Final Output:
Waiting for verification...
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/learnitguide.net/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/learnitguide.net/privkey.pem
Your cert will expire on 2022-06-28. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"
We have got our free SSL Certificates created using certbot tool and saved in the directory given above.
FullChain is available in /etc/letsencrypt/live/learnitguide.net/fullchain.pem
Private key is available in /etc/letsencrypt/live/learnitguide.net/privkey.pem
Certificate will be expired in 90 days.
How to renew SSL Certificates using CertBot?
As said before, certbot tool can help you to get free SSL Certificate completely free for 90 days only. We need to again renew the certificates using certbot with simple command as below.
sudo certbot certonly --force-renew -d nginx1.learnitguide.net
Hope this article helped you to understand how to install certbot on Ubuntu for free SSL Certificates.
If you are interested in learning, Request you to go through the below recommended tutorial.
DevOps Full Course Tutorial for Beginners - DevOps Free Training Online
Docker Full Course Tutorial for Beginners - Docker Free Training Online
Kubernetes Full Course Tutorial for Beginners - Kubernetes Free Training Online
Ansible Full Course Tutorial for Beginners - Ansible Free Training Online
Openstack Full Course Tutorial for Beginners - Openstack Free Training Online
Keep practicing and have fun. Leave your comments if any.
Support Us: Share with your friends and groups.
Stay connected with us on social networking sites, Thank you.
YouTube | Facebook | Twitter | Pinterest | Telegram
0 تعليقات