In this article we will install certbot from Let’s encrypt and get a certificate on Ubuntu 20.04 including how to renew and delete them.
In today’s online world, SSL is a must for every website. Users who have personal websites, blogs can’t afford to buy certificates for different reasons. That’s where Let’s encrypt comes in which provide certificates valid for 3 months for free and can be renewed afterwards.
Certbot recommend to use snap --classic
instead of just snap. The deb package currently is outdated so there are limited options. The following command will install certbot on Ubuntu 20.04 LTS.
snap install certbot --classic
To get only a certificate without web root. Some basic questions will be asked for the first time, like to provide email etc.
certbot certonly -d DOAMIN.COM
To get a certificate with web root. You can change things accordingly e.g, your web path.
certbot certonly --webroot -w /var/www/html -d DOAMIN.COM
If you are testing a website you can get a staging certificate which later you can upgrade to production by running the above command.
certbot certonly --test-cert --webroot -w /var/www/html -d DOAMIN.COM
Renew
If you have acquired a certificate for web root, chances are that certbot will schedule a renewal for you automatically. Read the last lines once certificate is retrieved by certbot.
To renew a certificate, there are two options. Which one you would implement or use is up to you.
Cron
Cron job commands are, to list crontab -l
, to edit crontab -e
Run cron job everyday at 4.30AM.
30 04 * * * certbot renew
Certbot hook
To automatically renew the certificates, add this line to /etc/periodic.conf
.
weekly_certbot_enable="YES"
Delete certificate
To delete a certificate you don’t need to remove directories like live/archive/renew
etc anymore manually, just run the following command and you are good to go.
certbot delete --cert-name DOMAIN.COM