Hostwinds Tutorials

Search results for:


Table of Contents


Installing Certbot
Installing acme-dns-certbot
Adding Let's Encrypt SSL

Install Let’s Encrypt SSL Using Certbot (Ubuntu)

Tags: SSL,  Ubuntu 

Installing Certbot
Installing acme-dns-certbot
Adding Let's Encrypt SSL

When developing your website, it can be beneficial to install an SSL as soon as possible. The reason to do this could be:

  1. For securing the data, you have on your site
  2. Better SEO rankings
  3. Build website visitor trust for when your site launches

There are many reasons why you would want to have an SSL installed on your site. In this guide, we will be going through acquiring a Let's Encrypt SSL with Certbot. We will be using the acme-dns-certbot tool within Certbot to complete this task.

There are a couple of things that you will need before beginning with this guide.

  1. You will need a Hostwinds server with Ubuntu.
  2. Access to SSH with the root user or a user with sudo access
  3. A domain that you can add DNS records to that are hosted on that server
  4. A good working backup of your Server or take a snapshot backup

Once those items are ready, we can start with the guide.

Installing Certbot

To install Certbot onto the server, we will be using the repository maintained by the Certbot developers as they have the most up-to-date version. To begin, add the repository:

sudo apt-add-repository ppa:certbot/certbot

You will press "Enter" to confirm that you would like the add the repository. Next, you will want to install Certbot. You will need to use this command:

sudo apt install certbot

Congratulations! You just installed Certbot onto your server. Unfortunately, that is not the end of this guide. Next, we will need to install acme-dns-certbot.

Installing acme-dns-certbot

Now that you have Certbot installed on your server, you can now install the acme-dns-certbot tool, which will allow you to acquire the Let's Encrypt SSL.

First, you will need to download the tool by using this command:

wget https://github.com/joohoi/acme-dns-certbot-joohoi/raw/master/acme-dns-auth.py

After it is download, you will need to make sure you can edit the script by running this:

chmod +x acme-dns-auth.py

Now you will need to edit the script. First, run this command:

sed -i 's/python/python3/' acme-dns-auth.py

Verify the changes were made.

cat acme-dns-auth.py

It should now look something like this:

This makes sure the script is using Python 3, the latest supported version. Now we need to move the file to the Let's Encrypt directory:

sudo mv acme-dns-auth.py /etc/letsencrypt/

Now that we have everything downloaded and installed, we can get the Let's Encrypt SSL on your domain.

Adding Let's Encrypt SSL

You can now add the SSL to your specific domain by using the acme-dns-auth tool. You will run the initial script by running this command:

sudo certbot certonly --manual --manual-auth-hook /etc/letsencrypt/acme-dns-auth.py --preferred-challenges dns --debug-challenges -d *.your.domain -d your.domain

Next, you will need to replace your actual domain for "your.domain" section. Make sure to accept the actions by pressing "y". After this is done, you should be an output like this:

Please add the following CNAME record to your main DNS zone: _acme-challenge.luke.ga CNAME d8f11caf-f510-4bcd-b84e-0cef385e3953.auth.acme-dns.io.
Waiting for verification…

You will add a cname into your domain's DNS records. If you are using Hostwinds DNS manager, it should look something like this:

After adding the cname to your DNS manager, you will need to go back to your terminal and press "Enter" to validate the record. This should complete the process.

Congratulations! You have just added a Let's Encrypt SSL to your domain for about 5 years, but how would you renew the certificate so it will not expire? You would need to run this command:

sudo certbot renew

This will automatically renew any certificates that you currently have using Certbot. You will not need to add anything else to renew. This command will do everything for you.

Now you have a secure domain for as long as you keep running Certbot on your server. The current certificate that you just added to your domain will not expire for 5 years.

Written by Luke Johnston  /  June 19, 2020