How to install certbot on Ubuntu 20.04

In this article we will install certbot from Let’s encrypt and get a certificate on Ubuntu 20.04 including how to renew and delete them.

In today’s online world, SSL is a must for every website. Users who have personal websites, blogs can’t afford to buy certificates for different reasons. That’s where Let’s encrypt comes in which provide certificates valid for 3 months for free and can be renewed afterwards.

Certbot recommend to use snap --classic instead of just snap. The deb package currently is outdated so there are limited options. The following command will install certbot on Ubuntu 20.04 LTS.

snap install certbot --classic

To get only a certificate without web root. Some basic questions will be asked for the first time, like to provide email etc.

certbot certonly -d DOAMIN.COM 

To get a certificate with web root. You can change things accordingly e.g, your web path.

certbot certonly --webroot -w /var/www/html -d DOAMIN.COM

If you are testing a website you can get a staging certificate which later you can upgrade to production by running the above command.

certbot certonly --test-cert --webroot -w /var/www/html -d DOAMIN.COM

Renew

If you have acquired a certificate for web root, chances are that certbot will schedule a renewal for you automatically. Read the last lines once certificate is retrieved by certbot.

To renew a certificate, there are two options. Which one you would implement or use is up to you.

Cron

Cron job commands are, to list crontab -l, to edit crontab -e

Run cron job everyday at 4.30AM.

30 04 * * * certbot renew

Certbot hook

To automatically renew the certificates, add this line to /etc/periodic.conf.

weekly_certbot_enable="YES"

Delete certificate

To delete a certificate you don’t need to remove directories like live/archive/renew etc anymore manually, just run the following command and you are good to go.

certbot delete --cert-name DOMAIN.COM