How to install certbot on Ubuntu 20.04

In this article we will install certbot from Let’s encrypt and get a certificate on Ubuntu 20.04 including how to renew and delete them.

In today’s online world, SSL is must for every website. Users who have personal websites, blogs can’t afford to buy certificates for different reasons. That’s where Let’s encrypt comes in which provide certificates valid for 3 months for free and can be renewed afterwards.

Certbot recommend to use snap --classic instead of just snap. The deb package currently is outdated so there are limited options. The following command will install certbot on Ubuntu 20.04 LTS.

snap install certbot --classic

To get only a certificate without web root. Some basic questions will be asked for the first time, like to provide email etc.

certbot certonly -d DOAMIN.COM

To get a certificate with web root. You can change things accordingly e.g, your web path.

certbot certonly --webroot -w /var/www/html -d DOAMIN.COM

If you are testing a website you can get a staging certificate which later you can upgrade to production by running the above command.

certbot certonly --test-cert --webroot -w /var/www/html -d DOAMIN.COM

Renew

If you have acquired a certificate for web root, chances are that certbot will schedule a renewal for you automatically. Read the last lines once certificate is retrieved by certbot.

To renew a certificate, there are two options. Which one you would implement or use is up to you.

Cron

Cron job commands are, to list crontab -l, to edit crontab -e

Run cron job everyday at 4.30AM.

30 04 * * * certbot renew

Certbot hook

To automatically renew the certificates, add this line to /etc/periodic.conf.

weekly_certbot_enable="YES"

Delete certificate

To delete a certificate you don’t need to remove directories like live/archive/renew etc anymore manually, just run the following command and you are good to go.

certbot delete --cert-name DOMAIN.COM

Leave a Reply

Your email address will not be published.