Install SSL certificates for HTTPS using domain or subdomain with Let’s Encrypt on your own server or VPS

Tiempo de lectura: 2 minutos

Reading time: 2 minutes

Many times we want to install a certificate to ensure that the connection to our website is secure.

This tutorial can be used to obtain certificates for a domain and a subdomain. It can be used with Apache, Node.js, Fast-API, or Python’s Django, Spring Boot, or any other type of server that we want to install on our machine.

To download the SSL certificate, we first need to associate the domain or subdomain with the IP address of our machine.

Then we need to install Let’s Encrypt, which will allow us to obtain the certificates.

sudo apt install certbot python3-certbot-apache

Once installed, we can obtain the certificate using this command

sudo certbot --apache

Now we enter the requested information on the screen.

The email is used to receive certificate expiration emails, so it is useful to add it to detect future errors.

Then it asks us to accept the terms and finally add the domains we want to obtain.

We can also add subdomains, remember to add them without adding “http” in front.

Once successfully obtained, the following message appears:

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/your.subdomain.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/your.subdomain.com/privkey.pem
   Your certificate will expire on 2022-07-29. To obtain a new or
   tweaked version of this certificate in the future, simply run
   certbot again with the "certonly" option. To non-interactively
   renew *all* of your certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Once all these steps are completed, we have the certificates on our machine and the automatic renewal of these certificates, which are valid for 4 months, is activated.

If we want to force renewal, we need to run the following command:

sudo certbot renew --dry-run

Finally, if we want to see where the certificates are stored, we need to go to this path and the folder of our domain:

/etc/letsencrypt/live/

If we want to add a new certificate to use different domains on the same machine, we can do it with the following command:

sudo certbot certonly -d your.domain.com

Leave a Comment