An SSL certificate is one of the common security features of any website. Many certificate providers are available in the market, and almost all of them are paid services. Certbot, however, provides SSL certificates free of cost.
The following are the steps to create a free SSL certificate using Certbot on Ubuntu.
Step 1: Install certbot
Run the following commands on your system to install the Certbot software:
```
cd /usr/local/sbin
sudo wget https://dl.eff.org/certbot-auto
sudo chmod a+x /usr/local/sbin/certbot-auto
```
Step 2: Manual Configuration
There are many ways to configure Certbot. Here I am going to share the steps for manual configuration.
Run the following command for manual configuration:
```
certbot-auto certonly --manual
```
Enter your email address for communication.
```
Requesting root privileges to run certbot...
/home/ubuntu/.local/share/letsencrypt/bin/letsencrypt
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel):xxx@mytypings.com
```
Accept the terms & conditions.
```
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf. You must agree
in order to register with the ACME server at
https://acme-v01.api.letsencrypt.org/directory
-------------------------------------------------------------------------------
(A)gree/(C)ancel: A
```
If you wish to share your email ID with the Electronic Frontier Foundation, enter `Y`. I don’t want to share my email ID, so I entered `N`.
```
-------------------------------------------------------------------------------
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about EFF and
our work to encrypt the web, protect its users and defend digital rights.
-------------------------------------------------------------------------------
(Y)es/(N)o: N
```
The system will show the following success message after Certbot is configured:
```
IMPORTANT NOTES:
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
```
Step 3: Verify your domain
Once the configuration is complete, Certbot will ask for the domain name for which to create the SSL certificate. In the output below, I have entered my domain name.
```
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Please enter in your domain name(s) (comma and/or space separated) (Enter 'c'
to cancel):mytypings.com
```
Certbot will ask for permission to use your system as the SSL certificate generator. Hit `Y`.
```
-------------------------------------------------------------------------------
NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running certbot in manual mode on a machine that is not
your server, please ensure you're okay with that.
Are you OK with your IP being logged?
-------------------------------------------------------------------------------
(Y)es/(N)o: Y
```
Certbot needs to verify your authority over the domain you entered, so it will ask you to create a page on your site with specific content. Create a page on your site with that content.
```
Make sure your web server displays the following content at
http://yoursite.com/.well-known/acme-challenge/BwQNxr0FnTkMBP3hUqoXCO9rJXntGua4JacO6v3np8c before continuing:
BwQNxr0FnTkMBP3hUqoXCO9rJXntGua4JacO6v3np8c.xINQxAjJfEGSoh7r3k8jtzQj7kwrvAQVSkXZrSavjLQ
```
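One way to create the page requested in Step 3, as an added example that is not part of the original post and is not Certbot's own code: a shell function that checks the pasted token and content before writing the file under a web root. The function name, its return codes and the web-root argument are assumptions for illustration; the token and content in the demo are the ones shown in the output above.

```sh
#!/bin/sh
# Added example (not Certbot code). place_acme_challenge and its return
# codes are hypothetical; WEBROOT is the directory your server serves.
#
# place_acme_challenge WEBROOT TOKEN RESPONSE
#   0 = file written (path printed), 1 = input rejected, 2 = write failed
place_acme_challenge() {
    webroot=$1 token=$2 response=$3

    # The token becomes a file name. Allowing only base64url characters
    # keeps "/" and ".." out of the path built from a pasted value.
    case $token in
        ''|*[!A-Za-z0-9_-]*) echo "invalid token" >&2; return 1 ;;
    esac

    # Certbot shows the content as "<token>.<second part>"; a response
    # that does not start with the token does not belong to this URL.
    rest=${response#"$token".}
    if [ "$rest" = "$response" ]; then
        echo "response does not start with the token" >&2; return 1
    fi
    case $rest in
        ''|*[!A-Za-z0-9_-]*) echo "invalid response" >&2; return 1 ;;
    esac

    dir=$webroot/.well-known/acme-challenge
    mkdir -p "$dir" || return 2
    # Write the exact string, no trailing newline, readable by the server.
    printf '%s' "$response" > "$dir/$token" || return 2
    chmod 644 "$dir/$token" || return 2
    printf '%s\n' "$dir/$token"
}

# Demo with the token and content from the Certbot output above, written
# to a throwaway directory instead of a real web root.
demo_root=$(mktemp -d)
place_acme_challenge "$demo_root" \
    BwQNxr0FnTkMBP3hUqoXCO9rJXntGua4JacO6v3np8c \
    BwQNxr0FnTkMBP3hUqoXCO9rJXntGua4JacO6v3np8c.xINQxAjJfEGSoh7r3k8jtzQj7kwrvAQVSkXZrSavjLQ
rm -rf "$demo_root"
```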
Step 4: Certificate Details
That's it. The system will verify your domain and show the following message:
```
Generating key (2048 bits): /etc/letsencrypt/keys/0000_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0000_csr-certbot.pem
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/yoursite.com/fullchain.pem. Your cert will
expire on 2017-06-15. To obtain a new or tweaked version of this
certificate in the future, simply run certbot-auto again. To
non-interactively renew *all* of your certificates, run
"certbot-auto renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
```
The success message contains the following things:
- 0000_key-certbot.pem - 2048-bit key file
- 0000_csr-certbot.pem - CSR file
- fullchain.pem - full chain file
- Expiry date of the certificate and the renewal process details
We can use the CSR file or the full chain file as the SSL certificate.