Configuring a free SSL certificate for your HTTP server is now a fundamental step for any website operator. This guide outlines the key procedures to deploy a secure certificate using Certbot.
Prerequisites and Initial Setup
Before beginning the configuration, ensure your machine has a reachable domain pointing to it. You will need administrator rights and a web server like Caddy. The Certbot package must be installed via your distribution's package manager. For example, run `sudo apt install certbot` on Debian, or `sudo yum install certbot` on distributions that use yum.
Obtaining the Certificate
The recommended method is to use the webroot plugin. For Apache or nginx, the `--apache` or `--nginx` plugin can automatically modify your virtual host. Run: `sudo certbot --apache -d example.com -d www.example.com`. This triggers the ACME challenge. If you prefer manual control, use: `sudo certbot certonly --webroot -w /var/www/html -d example.com`. This places a token in your document root.
Web Server Configuration Adjustments
After obtaining the certificate, you must modify your virtual host to reference the correct paths. The directives below are nginx syntax:
- ssl_certificate: `/etc/letsencrypt/live/example.com/fullchain.pem`
- ssl_certificate_key: `/etc/letsencrypt/live/example.com/privkey.pem`
Ensure you redirect HTTP requests to HTTPS. A 301 redirect is recommended. For nginx, include `return 301 https://$host$request_uri;`; for Apache, use `RewriteEngine On` with `RewriteRule`.
Automated Renewal and Verification
Let's Encrypt certificates last 90 days. The client sets up a cron job to renew them automatically. To simulate the renewal process, run: `sudo certbot renew --dry-run`. Review your certbot logs for warnings. If the renewal fails, check for port 80 issues.
Security Hardening (Optional but Recommended)
To improve security, enable HSTS by adding `add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;` in your nginx server block. Also, disable TLS 1.0 and use modern ciphers. A solid configuration protects your visitors from downgrade attacks.
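The certificate paths, the 301 redirect and the HSTS header from the sections above, combined into one nginx virtual host. This is an added example, not configuration from the original guide; it assumes nginx, the `example.com` name and the `/var/www/html` webroot used in the `certbot certonly --webroot` command, and the challenge location on port 80 is an addition that keeps renewals working behind the redirect.

```nginx
# Added example: assumes nginx, example.com and the /var/www/html webroot
# passed to `certbot certonly --webroot -w /var/www/html`.

# Port 80: answer ACME HTTP-01 challenges, redirect everything else.
server {
    listen 80;
    listen [::]:80;
    server_name example.com;

    # Certbot's webroot plugin writes its tokens under this path.
    # Serving it over plain HTTP means renewal does not depend on
    # the HTTPS virtual host below being healthy.
    location /.well-known/acme-challenge/ {
        root /var/www/html;
    }

    # Permanent redirect for all other requests.
    location / {
        return 301 https://$host$request_uri;
    }
}

# Port 443: serve the site with the Let's Encrypt certificate.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name example.com;
    root /var/www/html;

    # fullchain.pem carries the leaf plus intermediates; privkey.pem
    # should stay readable by root only.
    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    # Weak setting, shown for comparison: still offers TLS 1.0.
    # ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    # Hardened: TLS 1.0 removed (this example also drops TLS 1.1).
    ssl_protocols TLSv1.2 TLSv1.3;

    # "always" sends the header on error responses too.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
}
```

Run `sudo nginx -t` to validate the syntax before reloading, then repeat `sudo certbot renew --dry-run` to confirm the challenge path is still reachable on port 80.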
By adhering to these steps, your site will be secured with a free Let's Encrypt certificate, guaranteeing integrity for every session.