Today, implementing SSL/TLS encryption is essential for securing user data and enhancing trust in your website. This guide focuses on setting up free SSL certificates from Let's Encrypt on Linux systems, using Apache as the web server.

The process leverages Certbot, an automated tool that simplifies the acquisition and renewal of certificates, making it easier to maintain a secure online presence. This guide assumes that Apache HTTP Server is installed and running on your machine.

1.Installing Certbot

1.1.On Debian-Based Systems

To install Certbot and its Apache plugin on Debian-based systems like Ubuntu, execute the following commands:sudo apt install certbot python3-certbot-apache

This setup prepares your system for SSL certificate management.

1.2.On Red Hat-Based Systems

Start by enabling the EPEL repository to access Certbot packages:sudo yum install epel-release

Then, proceed to install Certbot and the Apache plugin:sudo yum install certbot python3-certbot-apache

This process readies your Red Hat-based system for SSL certificate management.

2.Acquiring SSL Certificates with Certbot

With Certbot installed, the next step is to use it to obtain SSL certificates from Let's Encrypt. This procedure includes Certbot making modifications to your Apache configuration to secure your website's connections.

2.1.Configuring Apache and Obtaining Certificates

To secure your site with an SSL certificate, run:sudo certbot --apache

This command initiates an interactive session that guides you through the certificate acquisition process. Certbot will automatically update your site's Apache configuration file to use the newly obtained certificate, ensuring secure connections.

During this process, Certbot saves the SSL certificate files to a standard location on your system. On Debian-based and Red Hat-based systems, these files are typically located in the /etc/letsencrypt/live/yourdomain.com/ directory. This directory will contain the certificate file (cert.pem), the private key (privkey.pem), and other related files necessary for SSL configuration.

3.Automated Renewals

Let's Encrypt certificates are valid for 90 days, requiring renewal to maintain website security. Certbot automatically configures your system for these renewals. To verify the setup, perform a dry run with:sudo certbot renew --dry-run

A successful test ensures that your system is configured to automatically renew certificates, keeping your site secure without needing manual intervention.