In this article we will install Certbot from Let’s encrypt and get a certificate on Ubuntu 20.04 including how to renew and delete them.
In today’s online world, SSL is a must for every website. Users with personal websites or blogs may be unable to purchase certificates for various reasons. That’s where Let’s Encrypt comes in, providing certificates that are valid for three months for free and can be renewed afterward.
If you are using another version of Ubuntu, such as 22.04 LTS, the steps remain the same for that version as well.
Installation
Certbot recommends using snap --classic
instead of just snap. The deb package is currently outdated, limiting the available options. The following command will install Certbot on Ubuntu via snap. If snap is not yet installed, simply run apt install snapd
.
snap install certbot --classic
Get a certificate
You will be asked some basic questions for the first time, such as providing an email address, etc.
To obtain only a certificate without a web root.
certbot certonly -d DOAMIN.COM
To obtain a certificate with a web root, you can make changes accordingly, such as adjusting your web path.
certbot certonly --webroot -w /var/www/html -d DOAMIN.COM
If you are testing a website, you can obtain a staging certificate, which can later be upgraded to production by running the above command.
certbot certonly --test-cert --webroot -w /var/www/html -d DOAMIN.COM
Renewal
If you have obtained a certificate for a web root, Certbot will likely schedule an automatic renewal for you. Please read the final lines once the certificate is retrieved by Certbot.
To renew a certificate, you have two options. The choice of which option to use is up to you.
Option 1: Cron
Cron job commands are, to list crontab -l
, to edit crontab -e
Run cron job everyday at 4.30AM.
30 04 * * * certbot renew
Option 2: Certbot hook
To automatically renew the certificates, add this line to /etc/periodic.conf
.
weekly_certbot_enable="YES"
Delete a certificate
To delete a certificate, you no longer need to manually remove directories like live, archive, renew, etc. Just run the following command, and you’re good to go.
certbot delete --cert-name DOMAIN.COM