Usually, when you need to obtain an SSL Certificate, you go to one of the major certificate authorities, such as Symantec, DigiCert, Network Solutions, or Go Daddy. All of these are trusted providers of SSL Certificates. Browsers tend to trust these authorities over a self-signed certificate because there is some sort of validation process to ensure everything is on the up-and-up when it comes to SSL Encryption. Most SSL Certificate Authorities will even provide you with some sort of insurance if something goes wrong and the SSL Encryption is broken. For that reason, you may end up paying upwards of $100 – $500 per year for the SSL Certificate.
To obtain a free SSL Certificate, you also have the option to self-sign your own SSL Certificate. If you self-sign, you may notice that browsers react badly to your SSL Cert compared to one purchased from a Certificate Authority. Some browsers may even block users from getting to your site because the browser doesn’t recognize your SSL Cert as coming from a trusted provider.
A third option is to find an SSL Certificate Authority that offers SSL Certificates as a free service. Enter Let’s Encrypt! Let’s Encrypt is known as an open certificate authority. A certificate generated by the Let’s Encrypt software is only good for about 60 days, after which you will have to renew it. One of the great things about Let’s Encrypt is that they provide you with an automated way of creating and renewing your certificates. And it all runs in the background!
Installing Let’s Encrypt on Ubuntu 16.04
- Add the repository
sudo add-apt-repository ppa:certbot/certbot
- Get the updated references to the repository you just added
sudo apt-get update
- Install Certbot
sudo apt-get install python-certbot-apache
Setting up Let’s Encrypt
Certbot makes it really easy to generate certificates for whichever domains you are hosting on your Ubuntu 16.04 web server. If you are using the same certificate for multiple domains, you will need to indicate that in the following command:
sudo certbot --apache -d example.com -d www.example.com
That’s it! You’ve created your certificate and your server should be all set up to use the domain you created. At this point, you will want to run two more checks.
- Ensure that your SSL Certificate is properly set up
- Verify that the renewal process will not have any issues generating the new certificate.
sudo certbot renew --dry-run
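The first check above comes with no command, so here is one way to do it, as an added example that is not part of the original article: shell functions that confirm the issued certificate lists every expected domain and is not close to expiry. The function names and the 14-day threshold are illustrative, and the path in the usage comment assumes certbot's default /etc/letsencrypt/live/<domain>/ layout.

```shell
# Added example, not from the original article.
# Assumption: certbot's default layout, /etc/letsencrypt/live/<domain>/fullchain.pem.

# cert_covers FILE NAME: succeed if NAME is listed as a DNS subjectAltName.
# Exact names only; a wildcard entry is not expanded.
cert_covers() {
    openssl x509 -noout -text -in "$1" \
        | tr ',' '\n' | sed 's/^[[:space:]]*//' \
        | grep -Fx "DNS:$2" >/dev/null
}

# cert_valid_for FILE DAYS: succeed if the certificate is still valid DAYS days from now.
cert_valid_for() {
    openssl x509 -noout -checkend "$(( $2 * 86400 ))" -in "$1" >/dev/null
}

# check_cert FILE MIN_DAYS NAME...: report problems on stderr, return non-zero if any.
check_cert() {
    cc_file=$1 cc_days=$2 cc_rc=0
    shift 2
    if [ ! -r "$cc_file" ]; then
        echo "cannot read $cc_file" >&2
        return 2
    fi
    for cc_name in "$@"; do
        if ! cert_covers "$cc_file" "$cc_name"; then
            echo "$cc_file does not cover $cc_name" >&2
            cc_rc=1
        fi
    done
    if ! cert_valid_for "$cc_file" "$cc_days"; then
        echo "$cc_file expires within $cc_days days; renewal is not keeping up" >&2
        cc_rc=1
    fi
    return "$cc_rc"
}

# Typical use on the web server (run with sudo so the certificate file is readable):
#   check_cert /etc/letsencrypt/live/example.com/fullchain.pem 14 example.com www.example.com
```

A non-zero result from a scheduled run of check_cert is a useful alert that background renewal has stopped working, before browsers start rejecting the site.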