Generate Let’s Encrypt SSL/TLS Certificate

Step 1. Before generating a Let’s Encrypt SSL/TLS certificate, make sure that your domain points to your server's IP address and that the DNS change has propagated. You can verify this with an online DNS lookup tool.

Step 2. Generate the Let’s Encrypt certificate with Certbot.

sudo certbot --apache -d domain.com -d www.domain.com
  • certbot: Runs Certbot.
  • --apache: The Certbot plugin that we want to use.
  • -d: Specifies the names that you’d like the certificate to be valid for.

Step 3. If everything is fine with the command execution, Certbot will ask how you’d like to configure your HTTPS settings.

Output:

Please choose whether HTTPS access is required or optional.
-------------------------------------------------------------------------------
1: Easy - Allow both HTTP and HTTPS access to these sites
2: Secure - Make all requests redirect to secure HTTPS access
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):

Enter the number of your choice (option 2 redirects all HTTP requests to HTTPS). Once the certificate is generated, you should see the following output:

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/domain.com/fullchain.pem. Your cert will
   expire on xxxx-xx-xx. To obtain a new or tweaked version of this
   certificate in the future, simply run certbot again with the
   "certonly" option. To non-interactively renew *all* of your
   certificates, run "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work

The above output means that you have successfully generated an SSL/TLS certificate for your domain.

Step 4. Restart the Apache service.

sudo systemctl restart httpd

Open your web browser, load your domain, and confirm that the green lock icon appears.
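
Beyond the browser check, the saved certificate file can be checked from the shell to confirm that it covers every name passed with -d and is not close to expiry. This is an added example, not part of the original tutorial; the function names, the 30-day threshold in the usage note and the constructed sample certificate are assumptions.

```shell
#!/bin/sh
# Added example: post-issuance checks for a certificate saved by Certbot.
# Usage: sh check_cert.sh CERT_FILE MIN_DAYS NAME [NAME...]
# Function names and the constructed sample certificate are assumptions.

# Succeeds if NAME ($2) is listed as a DNS subjectAltName in CERT ($1).
# Exact match only: a wildcard entry does not count as covering a name.
cert_covers_name() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        tr ',' '\n' |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//' |
        grep -Fxq "DNS:$2"
}

# Succeeds if CERT ($1) is still valid DAYS ($2) days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Runs both checks, prints one line per result, returns non-zero on any failure.
check_cert() {
    cert=$1; min_days=$2; shift 2
    rc=0
    if cert_valid_for_days "$cert" "$min_days"; then
        echo "ok:   valid for at least $min_days more days"
    else
        echo "FAIL: expires within $min_days days, or cannot be read"; rc=1
    fi
    for name in "$@"; do
        if cert_covers_name "$cert" "$name"; then
            echo "ok:   $name is covered"
        else
            echo "FAIL: $name is not in the certificate"; rc=1
        fi
    done
    return "$rc"
}

# Constructed sample for offline testing: a self-signed 90-day certificate
# for domain.com and www.domain.com, written to the path given as $1.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 90 \
        -keyout "$1.key" -out "$1" -subj "/CN=domain.com" \
        -addext "subjectAltName=DNS:domain.com,DNS:www.domain.com" 2>/dev/null
}

if [ "$#" -ge 3 ]; then
    check_cert "$@"
fi
```

On the server from this tutorial, run it as root with the arguments /etc/letsencrypt/live/domain.com/fullchain.pem 30 domain.com www.domain.com; openssl reads the first certificate in fullchain.pem, which is the one issued for your domain.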