Home / ubuntu / Questions / 1369524
Accepted
Pedroski
Asked: 2021-10-16 18:22:58 +0800 CST

Is certbot a good way to get https:// certificates?

  • 772

I am setting up a cloud server using Ubuntu 20.04 Server.

I will never have many visitors, just my students doing homework.

I want to enable https:// access.

I found this page.

Is certbot a good way to go??

I have never done this before.

apache2

1 Answers

  1. Best Answer

    Good is subjective? Does it mean easy? Quick? Free? I think Let's Encrypt is good, but that is just my opinion.

    Before I properly answer the question, I need to clarify something. Let's Encrypt is a free trusted certificate authority that issues SSL certificates. Certbot is the tool that Let's Encrypt recommends to actually get, and automatically set up, the certificates.

    Let's Encrypt does have some issues, but for a small site ran by an Apache server, for a few people, it should be fine. If you are curious, take a look at this Security SE question that explains potential issues with Let's Encrypt.

    To enable https://, you need to get a certificate trusted by your client's computers*.

    There are plenty of guides out there, but I suggest the official one, as it is pretty good. I'm assuming you have SSH (or shell) access to your Apache server, and that it is publically accessible. Head over to the Cerbot website. Fill out what your server is running on. For this answer, I selected Apache and Ubuntu 20.04 based on your question, but you should select whatever is correct for you.

    This is a shortened version of the directions from the Certbot guide for Apache on Ubuntu 20.04.

    1. Make sure Snap is installed. If you have Ubuntu 20.04 (or most supported versions of Ubuntu) it is. If not, check out these directions from the Snapcraft website.
    2. Run this to install the snap core and update if needed sudo snap install core && sudo snap refresh core
    3. Install Certbot sudo snap install --classic certbot
    4. Make sure it can be run by linking it to the /usr/bin folder sudo ln -s /snap/bin/certbot /usr/bin/certbot

    If you want it to auto-install the certificate, run sudo certbot --apache. If you prefer to make the changes to the config file yourself, run sudo certbot certonly --apache. The Let's Encrypt certificates expire after 90 days. So, it can automatically renew them for you. Run sudo certbot renew --dry-run to test auto-renewal. If it works fine (without errors) then auto-renewal is good to go.

    Reboot the server, and then your website should work with https.

    *Technically, you could make your own, but it would display in their browsers that it isn't trusted, so you really shouldn't.

    • 5