Reading time: 2 minutes
Many times we want to install a certificate to ensure that the connection to our website is secure.
This tutorial can be used to obtain certificates for a domain and a subdomain. It can be used with Apache, Node.js, Fast-API, or Python’s Django, Spring Boot, or any other type of server that we want to install on our machine.
To download the SSL certificate, we first need to associate the domain or subdomain with the IP address of our machine.
Then we need to install Let’s Encrypt, which will allow us to obtain the certificates.
sudo apt install certbot python3-certbot-apache
Once installed, we can obtain the certificate using this command
sudo certbot --apache
Now we enter the requested information on the screen.
The email is used to receive certificate expiration emails, so it is useful to add it to detect future errors.
Then it asks us to accept the terms and finally add the domains we want to obtain.
We can also add subdomains, remember to add them without adding “http” in front.
Once successfully obtained, the following message appears:
IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/your.subdomain.com/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/your.subdomain.com/privkey.pem Your certificate will expire on 2022-07-29. To obtain a new or tweaked version of this certificate in the future, simply run certbot again with the "certonly" option. To non-interactively renew *all* of your certificates, run "certbot renew" - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le
Once all these steps are completed, we have the certificates on our machine and the automatic renewal of these certificates, which are valid for 4 months, is activated.
If we want to force renewal, we need to run the following command:
sudo certbot renew --dry-run
Finally, if we want to see where the certificates are stored, we need to go to this path and the folder of our domain:
/etc/letsencrypt/live/
If we want to add a new certificate to use different domains on the same machine, we can do it with the following command:
sudo certbot certonly -d your.domain.com