Let’s encrypt is non-profit, free, and open certificate authority, or CA that is run by Internet Security Research Group or ISRG. Let’s Encrypt provides a TLS certificate & provide certificate for 90 days, which can then be renewed at any point during these 90 days without any charge what-so-ever.
The main aim of Let’s Encrypt is to make the internet secure by making SSL certificates accessible to all with ease. In this tutorial, we will learn to create a free SSL certificate using Let’s Encrypt in Linux.
Recommended Read: Beginner’s guide to NGINX SSL CONFIGURATION
So let’s start with the tutorial.
Install Certbot in Linux
We will be using certbot to create a free Let’s Encrypt SSL certificate in Linux. Let’s discuss how we can install certbot on various Linux distros.
For their distributions, we need to have snap package manager installed, as the certbot packages are maintained on snap repositories.
The Snap package manager is installed on all the new versions of Ubuntu. If you are still using an older version of Ubuntu, then you can install the snap package manager using the following command,
$ sudo apt-get install snapd
Once the snap is installed, we can then install certbot on the system. But before we do that, just make sure that there are not any other versions of certbot installed on the system, & if they are, we need to remove them,
$ sudo apt-get remove certbot
Now install the certbot with the help of snap,
$ sudo snap install –classic certbot
For CentOS & RHEL, we need to have an EPEL repository on the system to install certbot. Install the EPEL repository using the following command,
# yum install epel-release
Now we can install the certbot with the following command,
# yum install certbot
Now let’s proceed ahead with the SSL creation.
Create free SSL certificate using Let’s Encrypt in Linux
Now when the certbot has been installed, we can create the free SSL certificate using Let’s Encrypt in Linux with the following command,
$ sudo certbot certonly -d thelinuxgurus.com –manual –preferred-challenges dns
See the screenshot above, mainly the highlighted part. I know the cert was not created for my domain as i already have a SSL cert & did not want to add a TXT record in DNS. But if you need an SSL certificate, you must prove the domain ownership by adding the TXT DNS record as mentioned for you, when you run the command.
Once you have added the record, wait for some time as DNS records can take some time to propagate successfully. After that press ENTER to confirm & verify the DNS record to create a certificate successfully.
Once the certificate is created, you can manually install the certificate on a web server of your choice or on WordPress using CPanel, etc.
If you need to renew the certificate, then you can run the following command,
$ sudo certbot renew
You can also dry run to simulate the certificate renewal with the following command,
$ sudo certbot renew –dry-run
This completes our tutorial on how to create a free SSL certificate using Let’s Encrypt in Linux.