Installing a Free SSL Certificate from Let’s Encrypt on an Ubuntu Server

Letsencrypt.org is an open certificate authority, supported by the major browsers: Google Chrome, Internet Explorer, Mozilla Firefox, and the mobile browsers for Android and iOS.

lets_encrypt_header

Learn how to install an SSL certificate from Letsencrypt.org on a Ubuntu server.

Creating an Ubuntu Server

To create a standard Ubuntu server:

  1. Log in to your 1&1 Control Panel.
  2. To open the 1&1 Cloud Panel, click Cloud Panel in the 1&1 Server section.
  3. In the Server section, click Create.
  4. Enter a server name.
  5. Select the desired configuration.

    create_server

  6. In the 1&1 Images tab, click the operating system Ubuntu 14.04.

    ubuntu_image

  7. Click Create.

Accessing the Server Credentials

The server user name is root.

The password can be displayed in the details section of your server:

  1. Select the Ubuntu server.
  2. In the Initial Password section, click Show Password.

    init_password

Connecting to the Server via SSH

You can establish an encrypted network connection to your server using Secure Shell (SSH). Computers with Windows Operating systems SSH is not installed by default on computers with Windows operating systems. To establish an encrypted network connection using Secure Shell, you need an additional program, e.g. PuTTY.

  1. Start PuTTY.
  2. Enter your server's IP address in the Hostname (or IP address) field. putty

  3. Activate the SSH connection type in the Connection type section.
  4. Click Open. Upon the first login, a warning message appears. Because the SSH server has previously been un-known, no key is available to PuTTY.
  5. To allow the connection and to store the key for future sessions, click Yes.
  6. Enter the user name.
    Enter the password.
    You will be connected to the server.

Computers with Linux Operating Systems

If you use Linux, follow these steps to establish a SSH connection to your server:

  1. Open a terminal (e.g. xterm)
  2. Enter the following command in the terminal: ssh root@< SERVER'S IP ADDRESS>
    Example: ssh root@70.35.196.146
  3. Enter your password.

    putty_connect

Updating Your Server

To update your server, enter the following commands:

apt-get update
apt-get upgrade

Pointing your Domain to Your Server IP

To point your domain to your server IP address, follow these steps:

  1. Log in to your 1&1 Control Panel and select the relevant package.
  2. Click Manage Domains.
  3. Click the arrow icon next to your domain to display the options menu.
  4. In the options menu, go to Domain Settings and select Edit DNS Settings.
  5. Select Other IP address and enter each part of your server’s IP in the field. Each part of the IP is separated by a dot(.). Example: 70.35.196.146
  6. Click Save.
    A confirmation page is displayed, informing you that the changes will be updated accordingly. As with all DNS changes, it may take up to one hour for your changes to propagate throughout the Internet.

Installing GIT

To install GIT:

Prerequisites:
You have logged in to your server.

  1. Enter the command apt-get install git.
  2. Enter y and press Enter.
    GIT will be installed.

Installing Apache

To install Apache on your server:

  1. Enter the command apt-get install apache2.
  2. Press Enter.
    Apache will be installed.

Cloning the Let’s Encrypt Client

To clone the repository of the Let’s Encrypt Client, enter the following commands:

git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
./letsencrypt-auto --help

Installing the Let’s Encrypt Client for Apache

To install the Let’s Encrypt Client for Apache:

  1. Enter the following command:
    ./letsencrypt-auto certonly --webroot -w /var/www/YOURDOMAIN.com/public_html/ -d YOURDOMAIN.com

    Example:

    ./letsencrypt-auto certonly --webroot -w /var/www/applicationpack1.com/public_html/ -d applicationpack1.com
  2. Enter a valid e-mail address.

    lets_encrypt_ubuntu_2

  3. Accept the term and conditions.
    A Congratulations message is displayed.

    lets_encrypt_congratz

    The path to the generated certificate is:
    /etc/letsencrypt/live/YOURDOMAIN.com/fullchain.pem

    Example:

    /etc/letsencrypt/live/applicationpack1.com/fullchain.pem

    In this directory, you can find the files cert.pem, privkey.pem and chain.pem.

    lets_encrypt_ubuntu_9

    These files will be needed for the Apache configuration.

Installing MOD SSL in Apache

To install the the MOD SSL in Apache, enter the following command:

sudo a2enmod ssl

Configuring VHOSTS

To use the SSL encryption for your website, you have to create two vhosts: one vhost for the website part that will be accessed via HTTP connection (public), and another vhost for the part that will be accessed via HTTPS (SSL).

To become root user, enter the following command:

sudo su
  1. Create two directories, public and SSL, corresponding to the two vhosts:
    sudo mkdir -p /var/www/YOURDOMAIN.com/public_html
    sudo  mkdir -p /var/www/YOURDOMAIN.com/ssl_html

    Example:

    sudo mkdir -p /var/www/applicationpack1.com/public_html
    sudo  mkdir -p /var/www/applicationpack1.com/ssl_html

    Grant the access for the Apache user and permissions to your Apache user. This way, your user will be able to modify files in the new directories:

    sudo chown -R $USER:$USER /var/www/YOURDOMAIN.com/public_html
    sudo chown -R $USER:$USER /var/www/YOURDOMAIN.com/ssl_html
    sudo chmod -R 755 /var/www

    Example:

    sudo chown -R $USER:$USER /var/www/applicationpack1.com/public_html
    sudo chown -R $USER:$USER /var/www/applicationpack1.com/ssl_html
    sudo chmod -R 755 /var/www
  2. Create an index.html file for the public website part:
    vi /var/www/YOURDOMAIN.com/public_html/index.html

    Example:

    vi /var/www/applicationpack1.com/public_html/index.html
  3. Enter the following HTML code:
    <html>
    <head>
    <title>Hello</title>
    </head>
    <body>
    <h1>Website without SSL cert</h1>
    </body>
    </html>
  4. Create an index.html file for the SSL website part:
    vi /var/www/YOURDOMAIN.com/ssl_html/index.html

    Example:

    vi /var/www/applicationpack1.com/ssl_html/index.html
  5. Enter the following HTML code:
    <html>
    <head>
    <title>Hello SSL</title>
    </head>
    <body>
    <h1> Website with SSL cert </h1>
    </body>
    </html>
  6. Create the vhost file for the public website part:
    sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/YOURDOMAIN.conf

    Example:

    sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/applicationpack1.com.conf
  7. Open the vhost file for the public website part and edit it as needed:
    vi /etc/apache2/sites-available/YOURDOMAIN.com.conf

    Example:

    vi /etc/apache2/sites-available/applicationpack1.com.conf

    ubuntu_vhost

  8. Enable the vhost file for the public website part:
    sudo a2ensite YOURDOMAIN.com.conf

    Example:

    sudo a2ensite applicationpack1.com.conf
  9. Create the vhost file for the SSL website part by copying the first vhost file:
    sudo cp /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-available/YOURDOMAIN.com

    Example:

    sudo cp /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-available/applicationpack1.com-ssl.conf
  10. Open the vhost file for the SSL website part and edit it as needed:
    vi /etc/apache2/sites-available/YOURDOMAIN.com-ssl.conf

    Example:

    vi /etc/apache2/sites-available/applicationpack1.com-ssl.conf

    You will have to change the path in the following variables: DocumentRoot, SSLCertificateFile, SSLCertificateKeyFile and SSLCertificateChainFile:

    ubuntu_vhost_2

  11. Enable the vhost file for the SSL website part:
    sudo a2ensite YOURDOMAIN.com-ssl.conf

    Example:

    sudo a2ensite applicationpack1.com-ssl.conf
  12. Reboot Apache:
    sudo service apache2 restart
  13. Check the URLs in your browser.

Renewing Your Certificate

Your certificate is valid for 3 months. Let’s Encrypt recommends renewing the certificate every 60 days. To renew the certificate, enter the following command:

./letsencrypt-auto certonly –webroot –w /var/www/YOURDOMAIN /public_html/ -d YOURDOMAIN.com

Example:

./letsencrypt-auto certonly –webroot –w /var/www/applicationpack1.com/public_html/ -d applicationpack1.com

Content provided by 1&1

Comments

Tags: SSL Certificates / Networking