![\"Let's](\"https:\/\/www.upcloud.com\/support\/wp-content\/uploads\/2016\/01\/Lets-Encrypt-1024x410.png\")
<\/p>\nImproving\u00a0your website security through encryption, even on the most basic servers, can increase your visitors\u2019 trust in your site and your ability to run it. Setting up encryption on your web host has generally been complicated and expensive, which\u00a0often deters administrators whose web applications might not depend on user input. Let\u2019s Encrypt aims to change this by making implementing encryption on any website easier. They are an open and free project that allows obtaining and installing of certificates through simple, automated, commands.<\/p>\n
<\/p>\n
<\/p>\n
Let\u2019s Encrypt is\u00a0a new Certificate Authority capable of issuing certificates cross-signed by IdentTrust, which allows their end certificates to be accepted by all major browsers. This guide outlines the steps for installing\u00a0their\u00a0letsencrypt<\/tt>\u00a0client<\/a>\u00a0version 0.4.1-1 and how to use it to manage certificates on Ubuntu 16.04 cloud server running Apache2.<\/p>\n Let\u2019s Encrypt greatly simplifies server management by automating obtaining certificates and configuring web services to use them. The client is fully-featured and extensible for the Let\u2019s Encrypt Certificate Authority\u00a0or any other CA that uses the\u00a0ACME<\/a>\u00a0protocol.<\/p>\n The client is available with the Ubuntu package manager and can be installed with the following command. You will naturally also need Apache2 itself which is also included below.<\/p>\n Once installed, you can use the next command to see test the client is working correctly.<\/p>\n Given that the help command works, you are ready to continue on with obtaining and installing a certificate.<\/p>\n Let\u2019s Encrypt validates the domain it is installed on similarly to a traditional CA process by identifying the server administrator via a public key. The client generates a new key pair when interacting with the Let\u2019s Encrypt servers for the first time, and then aims to prove to the CA that the host has control over a particular\u00a0domain by at least one of the two following ways:<\/p>\n On top of one of the two challenges, the client also must sign a nonce with its private key to prove it controls that key pair.<\/p>\n To help the Let\u2019s Encrypt client accomplish these tasks it supports a number of plugins that can be used to obtain or install certificates. With\u00a0Apache2 you can use the Apache plugin.\u00a0The\u00a0plugin\u00a0automates both obtaining and installing certificates on an Apache web server. To use\u00a0this plugin on the command line, simply include the flag\u00a0--apache<\/tt>.<\/p>\n Begin the process with the next command.<\/p>\n This starts an interactive installation script which will ask\u00a0a couple of questions to setup the certificate correctly.<\/p>\n Note that as Let\u2019s Encrypt is still in development they have set certain rate limits for issuing certificates to protect the service against both accidental and intentional abuse. You can check further details and documentation at Let\u2019s Encrypt\u00a0community site<\/a>.<\/p>\n If you are having problems using the client, make sure you are trying to register a domain or subdomain that currently resolves to that host. Also, check that you have the administrative privileges to run the commands\u00a0and that Apache is working correctly.<\/p>\n At the end of the certificate installation script output, you will see the certificate\u2019s expiration date which is usually 3 months from the day you installed it. Renewing a certificate is as easy as running a single command.<\/p>\n You can test the renewal process with the following command.<\/p>\n If the test succeeded without issues, you can actually renew the certificate by leaving out the additional parameters.<\/p>\n Once the renewal is complete, reload\u00a0your web service to update\u00a0the configuration with the next command.<\/p>\n Your certificate is now again valid for another 3 months.<\/p>\n The client will only request a renewal if the current certificate is about to expire. This can be useful for automating the process by creating a renew script similar to the example below.<\/p>\n The example script runs the renewal while directing the output to a log file, then checks if it was successful, and finally reloads Apache to complete the renewal.<\/p>\n You can automate the script, for example, using\u00a0Cron job<\/a>. Open the\u00a0root<\/tt>\u00a0user crontab for edit with the command underneath.<\/p>\n Include a line similar to the example below in the crontab file, then save and exit.<\/p>\n Let\u2019s Encrypt recommends setting the automated renewal script to run twice a day on a random minute within the hour. The above example runs on 02:01 and 14:01 but you can select any time slot you wish.<\/p>\n If you wish to remove\u00a0a certificate from your server it can be revoked using a\u00a0subcommand with Let\u2019s Encrypt client.\u00a0The command below can be used to revoke a particular certificate. Replace the\u00a0<<\/em>domain_name>\u00a0<\/em>with the domain which certificate you wish to revoke.<\/p>\n The process does not give a confirmation upon completion, but if you perform it again you will get a message that the certificate has already been revoked.<\/p>\n In most cases simply installing and renewing your certificates as instructed above is enough, but the Let\u2019s Encrypt client also supports some additional plugins for managing your certificates.\u00a0This guide focuses on installing the certificate using the Apache plugin, though Let\u2019s Encrypt also works just as well with other web servers software. Nginx setup automation is currently experimental and the plugin is not installed with\u00a0letsencrypt<\/tt>\u00a0automatically, but can still be used to install certificates manually on servers running Nginx. Check out our other guide for\u00a0How to Install Let\u2019s Encrypt on Nginx<\/a>.\u00a0You can also find out about other supported options in the\u00a0documentation<\/a>\u00a0for Let\u2019s Encrypt.<\/p>\n","protected":false},"excerpt":{"rendered":" Improving\u00a0your website security through encryption, even on the most basic servers, can increase your visitors\u2019 trust in your site and your ability to run it. Setting up encryption on your web host has generally been complicated and expensive, which\u00a0often deters administrators whose web applications might not depend on user input. Let\u2019s Encrypt aims to change […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[455,1,730,830,51,495,68,271,501],"tags":[1237,920,291,1139,923,921],"class_list":["post-4573","post","type-post","status-publish","format-standard","hentry","category-apache2","category-viazap","category-clusterweb","category-debian","category-linux-linuxrs","category-profissional-de-ti","category-redes-2","category-seguranca-2","category-shell-script","tag-apache2","tag-how","tag-install","tag-lets-encrypt","tag-on","tag-to"],"_links":{"self":[{"href":"https:\/\/blog.clusterweb.com.br\/index.php?rest_route=\/wp\/v2\/posts\/4573","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.clusterweb.com.br\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.clusterweb.com.br\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.clusterweb.com.br\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.clusterweb.com.br\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4573"}],"version-history":[{"count":2,"href":"https:\/\/blog.clusterweb.com.br\/index.php?rest_route=\/wp\/v2\/posts\/4573\/revisions"}],"predecessor-version":[{"id":4575,"href":"https:\/\/blog.clusterweb.com.br\/index.php?rest_route=\/wp\/v2\/posts\/4573\/revisions\/4575"}],"wp:attachment":[{"href":"https:\/\/blog.clusterweb.com.br\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4573"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.clusterweb.com.br\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4573"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.clusterweb.com.br\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4573"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}Installing Let\u2019s Encrypt client<\/h2>\n
sudo apt-get install apache2 python-letsencrypt-apache<\/pre>\n
letsencrypt --help<\/pre>\n
Obtaining\u00a0a certificate<\/h2>\n
\n
sudo letsencrypt --apache<\/pre>\n
\n
Renewing a certificate<\/h2>\n
sudo letsencrypt renew --dry-run --agree-tos<\/pre>\n
sudo letsencrypt renew<\/pre>\n
sudo service apache2 reload<\/pre>\n
sudo nano \/etc\/cron.daily\/letsencrypt-renew<\/pre>\n
#!\/bin\/sh\r\nif letsencrypt renew > \/var\/log\/letsencrypt\/renew.log 2>&1 ; then\r\n \/etc\/init.d\/apache2 reload > \/dev\/null 2>&1\r\nfi\r\nexit<\/pre>\n
sudo chmod +x\u00a0\/etc\/cron.daily\/letsencrypt-renew<\/pre>\n
sudo crontab -e<\/pre>\n
01 02,14 * * * \/etc\/cron.daily\/letsencrypt-renew<\/pre>\n
Revoking a certificate<\/h2>\n
letsencrypt revoke --cert-path \/etc\/letsencrypt\/live\/<domain_name>\/cert.pem<\/pre>\n
Other plugins<\/h2>\n