Generate Let’s Encrypt SSL/TLS Certificate
Step 1. Before generating a Let’s Encrypt SSL/TLS certificate, make sure that your domain points to your server’s IP address and that the DNS change has propagated. You can verify this with an online DNS lookup tool.
Step 2. Generate Let’s Encrypt certificate through Certbot.
sudo certbot --apache -d domain.com -d www.domain.com
certbot: Runs Certbot.
--apache: The Certbot plugin to use.
-d: Specifies the names that you’d like the certificate to be valid for.
Step 3. If everything is fine with the command execution, Certbot will ask how you’d like to configure your HTTPS settings.
Output:
Please choose whether HTTPS access is required or optional.
-------------------------------------------------------------------------------
1: Easy - Allow both HTTP and HTTPS access to these sites
2: Secure - Make all requests redirect to secure HTTPS access
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):
Select your choice. Once the certificate is generated you should get the following output:
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/domain.com/fullchain.pem. Your cert will
expire on xxxx-xx-xx. To obtain a new or tweaked version of this
certificate in the future, simply run certbot again with the
"certonly" option. To non-interactively renew *all* of your
certificates, run "certbot renew"
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
- If you like Certbot, please consider supporting our work
The above output means that you have successfully generated an SSL/TLS certificate for your domain.
Step 4. Restart the Apache service.
sudo systemctl restart httpd
Open your preferred web browser, load your domain, and check for the green lock icon.
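For the DNS check in Step 1, the following is an added example (not part of the original page) that confirms each name resolves only to your server before Certbot is run. The address 203.0.113.10 is a constructed placeholder for your server's public IPv4 address, and the function names and the RESOLVER hook are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original page): pre-flight DNS check for Step 1.
# Assumptions: glibc getent is available; 203.0.113.10 in the usage line is a
# constructed placeholder for your server's public IPv4 address.

# Print every IPv4 address the local resolver returns for name $1, one per line.
resolve_ipv4() {
    getent ahostsv4 "$1" | awk '{ print $1 }' | sort -u
}

# dns_ready EXPECTED_IP NAME...
# Succeeds only if every NAME resolves and all of its addresses equal
# EXPECTED_IP. A leftover record for an old server counts as a failure,
# because validation may be sent to that address instead of this server.
# RESOLVER (hypothetical hook) may name another command to use for lookups.
dns_ready() {
    expected=$1
    shift
    rc=0
    for name in "$@"; do
        addrs=$("${RESOLVER:-resolve_ipv4}" "$name") || addrs=
        if [ -z "$addrs" ]; then
            echo "FAIL  $name: no A record found" >&2
            rc=1
            continue
        fi
        name_ok=1
        for addr in $addrs; do
            if [ "$addr" != "$expected" ]; then
                echo "FAIL  $name: resolves to $addr, expected $expected" >&2
                name_ok=0
                rc=1
            fi
        done
        if [ "$name_ok" -eq 1 ]; then
            echo "OK    $name -> $expected"
        fi
    done
    return "$rc"
}

# Usage: run Certbot only when both names already point at this server.
#   dns_ready 203.0.113.10 domain.com www.domain.com &&
#       sudo certbot --apache -d domain.com -d www.domain.com
```

The function checks A records through the local resolver only, so a public resolver may still see older data during propagation. If a name also has an AAAA record, that record must point at the same server.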