DEV Community

Sabito
How to Use Certbot to Obtain an SSL Certificate and Enable HTTPS on Linux

Securing your website with HTTPS is essential for protecting user data and enhancing trust. Let's Encrypt offers free SSL certificates, and Certbot is a popular tool for easily obtaining and managing these certificates. In this guide, we’ll walk through the steps to use Certbot to obtain an SSL certificate and enable HTTPS on a Linux server.

Prerequisites

Before you begin, ensure that you have the following:

  1. A domain name: You should have a registered domain name pointing to your server.
  2. A Linux server: This guide assumes you are using a Linux-based server like Ubuntu or CentOS.
  3. Access to the terminal: You should have root or sudo access to the terminal.
  4. A web server: Nginx or Apache should be installed and running on your server.

Step 1: Install Certbot

On Ubuntu/Debian

First, make sure your package list is updated:

sudo apt update

Then, install Certbot and the plugin for your web server. For Nginx, use:

sudo apt install certbot python3-certbot-nginx

For Apache, use:

sudo apt install certbot python3-certbot-apache

On CentOS/RHEL

For CentOS/RHEL, you might need to enable the EPEL repository:

sudo yum install epel-release

Then, install Certbot with the Nginx plugin:

sudo yum install certbot python3-certbot-nginx

Or for Apache:

sudo yum install certbot python3-certbot-apache

Step 2: Obtain an SSL Certificate

With Certbot installed, the next step is to obtain an SSL certificate. The process is slightly different depending on whether you're using Nginx or Apache.

For Nginx

Certbot can automatically configure Nginx for you. Run the following command:

sudo certbot --nginx

For Apache

Similarly, for Apache, run:

sudo certbot --apache

Certbot will prompt you to enter your email address, agree to the terms of service, and select the domain(s) for which you want to enable HTTPS.

Step 3: Verify the Installation

After Certbot obtains the certificate, it will automatically configure your web server to use HTTPS. You can verify this by visiting your website using https://your-domain.com. Your site should load with a secure connection, indicated by the padlock icon in the browser's address bar.

Step 4: Set Up Automatic Renewal

Let’s Encrypt certificates are valid for 90 days, so it’s crucial to set up automatic renewal. Certbot handles this with a cron job or systemd timer, which is usually installed by default.

You can test the renewal process with:

sudo certbot renew --dry-run

If this runs without errors, renewal against Let's Encrypt works, and the cron job or systemd timer mentioned above will renew your certificates automatically.

Step 5: Additional Security Configurations

Enabling HTTPS is a great start, but there are a few additional steps you can take to enhance security:

  • HTTP to HTTPS Redirect: Ensure all traffic is redirected to HTTPS. Certbot usually sets this up automatically, but you can manually configure it in your web server's configuration files.

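  • Security Headers: Add headers like Strict-Transport-Security (HSTS) and X-Content-Type-Options to your web server configuration. HSTS tells browsers to use only HTTPS for your domain, which protects against downgrades to plain HTTP, and X-Content-Type-Options: nosniff stops browsers from MIME-sniffing responses.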

  • SSL Labs Test: Use the SSL Labs test to analyze your server's SSL configuration and get recommendations for improvements.
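
To confirm that the redirect and headers from the list above are actually being served, this added example (not code from the original post) audits the output of `curl -sI`. The function names, the 180-day `MIN_HSTS_AGE` threshold and the sample responses are assumptions constructed for illustration.

```bash
# Audit response headers (as printed by `curl -sI`) for the Step 5 items.
# Live use, with the guide's placeholder domain:
#   curl -sI https://your-domain.com | audit_https_headers
#   curl -sI http://your-domain.com  | check_redirect
MIN_HSTS_AGE=15552000  # assumption: treat anything under 180 days as too short

# Print the value of header $1 (case-insensitive match) from headers on stdin.
header_value() {
  tr -d '\r' | awk -v name="$1" -F': *' '
    tolower($1) == tolower(name) { sub(/^[^:]*: */, ""); print; exit }'
}

# Return 0 only if HSTS (with a long enough max-age) and nosniff are present.
audit_https_headers() {
  local headers hsts age nosniff rc=0
  headers=$(cat)
  hsts=$(printf '%s\n' "$headers" | header_value strict-transport-security)
  age=$(printf '%s\n' "$hsts" | tr 'A-Z' 'a-z' | sed -n 's/.*max-age=\([0-9][0-9]*\).*/\1/p')
  if [ -z "$hsts" ]; then echo "FAIL: Strict-Transport-Security missing"; rc=1
  elif [ -z "$age" ] || [ "$age" -lt "$MIN_HSTS_AGE" ]; then
    echo "FAIL: HSTS max-age too short: ${age:-none}"; rc=1
  fi
  nosniff=$(printf '%s\n' "$headers" | header_value x-content-type-options | tr 'A-Z' 'a-z')
  if [ "$nosniff" != "nosniff" ]; then echo "FAIL: X-Content-Type-Options nosniff missing"; rc=1; fi
  return "$rc"
}

# Return 0 only for a permanent redirect whose Location is an https:// URL.
check_redirect() {
  local headers status loc
  headers=$(cat)
  status=$(printf '%s\n' "$headers" | tr -d '\r' | awk 'NR == 1 { print $2 }')
  loc=$(printf '%s\n' "$headers" | header_value location)
  case "$status:$loc" in
    301:https://*|308:https://*) return 0 ;;
    *) echo "FAIL: want 301/308 to https://, got ${status:-none} -> ${loc:-none}"; return 1 ;;
  esac
}

# Constructed sample responses (not captured from a real server).
GOOD_HTTPS='HTTP/2 200
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff'
WEAK_HTTPS='HTTP/2 200
strict-transport-security: max-age=300'
GOOD_REDIRECT='HTTP/1.1 301 Moved Permanently
Location: https://your-domain.com/'
```

Browsers cache HSTS for the full max-age, so confirm that renewal works (Step 4) before serving a long value.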

Conclusion

By following these steps, you’ve successfully used Certbot to obtain an SSL certificate and enabled HTTPS on your Linux server. Your site is now more secure, and your visitors can confidently interact with your content. Remember to keep your system updated and monitor your SSL certificate's renewal to maintain a secure environment.

Feel free to share your experience or ask questions in the comments below!
