Install Let's Encrypt SSL on Ubuntu with Certbot

Updated on July 9, 2024 by InMotion Hosting Contributor

3 Minutes, 4 Seconds to Read

Install Let's Encrypt SSL on Ubuntu with Certbot | InMotion Hosting (1)

Let’s Encrypt provides free SSL certificates for your websites to use secure connections. Certbot is free open source software that allows you to easily create Let’s Encrypt SSLs on your unmanaged Linux server. Log into SSH as root to begin.

Install Certbot in Ubuntu 20.04

Instead of the older python-certbot-apache package, Certbot now recommends using the snapd package manager to install Certbot in Ubuntu. InMotion Cloud Server Hosting is incompatible with snapd at this time, but Python Installs Packages (PIP) works just as well.

Install Certbot in Ubuntu with PIP

Cloud server users can install Certbot in Ubuntu with PIP.

First, install PIP:

sudo apt install python3 python3-venv libaugeas0

Set up a virtual environment:

sudo python3 -m venv /opt/certbot/

sudo /opt/certbot/bin/pip install --upgrade pip

Install Certbot on Apache (or NGINX):

sudo /opt/certbot/bin/pip install certbot certbot-apache

sudo /opt/certbot/bin/pip install certbot certbot-nginx

Create a symlink to ensure Certbot runs:

sudo ln -s /opt/certbot/bin/certbot /usr/bin/certbot

Install Certbot in Ubuntu with snapd

Our Dedicated Server Hosting users can use snapd.

Install snapd:
```
sudo apt install snapd
```
Ensure you have the latest snapd version installed:
```
sudo snap install core; sudo snap refresh core
```
Install Certbot with snapd:
```
sudo snap install --classic certbot
```

Create a symlink to ensure Certbot runs:

sudo ln -s /snap/bin/certbot /usr/bin/certbot

Create an SSL Certificate with Certbot

Run Certbot to create SSL certificates and modify your web server configuration file to automatically redirect HTTP requests to HTTPS. Or, add “certonly” to create the SSL certificates without modifying system files (recommended if hosting staging sites that should not be forced to use an SSL).

Choose the best option for your needs.
Create SSL certs for all domains and configure redirects in the web server:
```
sudo certbot --apache
```
```
sudo certbot --nginx
```
Create SSL certs for a specified domain (recommended if you’re using your system hostname):
```
sudo certbot --apache -d example.com -d www.example.com
```
Only install SSL certs:
```
sudo certbot certonly --apache
```
```
sudo certbot certonly --nginx
```
Enter an email address for renewal and security notices.
Agree to the terms of service.
Specify whether to receive emails from EFF.
If prompted, choose whether to redirect HTTP traffic to HTTPS – 1 (no redirect, no further changes to the server) or 2 (redirect all HTTP requests to HTTPS).

SSL Maintenance and Troubleshooting

After you install a Let’s Encrypt certificate on your Ubuntu Certbot setup, you can test your website SSL status at https://WhyNoPadlock.com to identify mixed content errors.

SSL Improvements

Having an SSL cert and 301 redirects to force HTTPS aren’t always enough to prevent hacks. Cyber attackers have found ways to bypass both security practices to infiltrate server communications.

HTTP Strict Transport Security (HSTS) is a security HTTP header that addresses this by telling web browsers to only serve your website when received with a valid SSL cert. If the browser receives an insecure connection, it rejects the data altogether to protect the user. It is easy to configure HSTS within your web server (e.g. Apache and NGINX).

Upgrade to VPS Hosting for Peak Performance

Upgrade to InMotion VPS Hosting today for top-notch performance, security, and flexibility, and save up to $2,412 – a faster, stronger hosting solution is just a click away!

SSD Storage High-Availability Ironclad Security Premium Support

VPS Hosting

Install Let's Encrypt SSL on Ubuntu with Certbot | InMotion Hosting (2024)