How to install free SSL certificate on Apache2.4 / Nginx | Debian 8

Enter your domain name here:

This blog post will be parametrized for your case

Why installing SSL certificate?

SSL certificate is used for encrypting the data transfered between your website and it’s visitors. It encrypts all the data, including passwords, credit cards, files, preventing others from reading them. Nowadays browsers like Google Chrome show security alerts, when such a website has sensitive form data, and is not using SSL encryption. In this tutorial, the Coding Cat will show how to install free Let’s Encrypt SSL certificate for your website, that auto renews on Debian. On other Linux distributions the process is very similar, you can check it here: link.

Let’s Encrypt certificates expire in 90 days, but you can automate renewal, in this article we will show how. There is also a limit: 20 certificates per week. More about the limit: link.

Before installing the certificate make sure you have domain properly installed. If not, check out our tutorials How to install LAMP and How to configure a domain.

Installing certbot

First you need to add jessie-backports to your sources.list:

sudo sh -c 'sudo echo "deb http://ftp.debian.org/debian jessie-backports main" >> /etc/apt/sources.list'

Then update:

sudo apt-get update

Installing certbot for Apache:

sudo apt-get install python-certbot-apache -t jessie-backports

Installing certbot for Nginx:

sudo apt-get install python-certbot-nginx -t jessie-backports

Installing certificate for a domain

For Apache configuration run:

sudo certbot --apache

For Nginx:

sudo certbot --nginx

You should see something like this:

Certbot - choosing domain

Enter numbers of domains you want to enable HTTPS separated by commas or spaces, like “1 2 3” and press enter.

Then enter your email address, which will receive important notices from Let’s Encrypt about security issues and expiration. Then accept Terms of Service by typing “A” and pressing enter.

∗If you see an error like this (Apache):

Expected </VirtualHost> but saw </VirtualHost></IfModule>

Just add an enter to the end of your VirtualHost configuration file and try again by “sudo certbot –apache” command.

If all went well, you should be able to choose “Easy” or “Secure” mode. In “Easy” mode, all requests are allowed, http and https. With secure mode, all http requests are redirected to secure https. Choose one and press enter.

Next you should see “Congratulations! You have successfully enabled https://{domain}” message

Navigate to your website and check if https works, you can also test on ssllabs.com:

https://www.ssllabs.com/ssltest/analyze.html?d={domain}

Or sslhopper:

https://sslshopper.com/ssl-checker.html#hostname={domain}

 

Configuring auto renewal

To renew your certificates you can use a command:

sudo certbot renew

If you want to automate that, you need to register it on cron table:

sudo crontab -e

Crontab - choose an editor

Choose your editor and press enter.

Now, at the bottom, add a line:

12 3 * * * /usr/bin/certbot renew

so it looks like this:

Crontab - edit

Your auto-renewal task will be executed every day at 3:21 AM. Don’t worry, certbot will renew only certificates that are soon to expire.