
Install Let’s Encrypt SSL Using Certbot (Ubuntu)


When developing your website, it can be very helpful to install an SSL as soon as possible. The reasons to do this could be:

  1. For securing the data you have on your site
  2. Better SEO rankings
  3. Build website visitor trust for when your site launches

There are many reasons why you would want to have an SSL installed on your site. In this guide, we will go through how to acquire a Let’s Encrypt SSL with Certbot. We will be using the acme-dns-certbot tool with Certbot to complete this task.

There are a couple of things that you will need before beginning with this guide.

  1. You will need a Hostwinds server with Ubuntu
  2. Access to SSH with the root user or a user with sudo access
  3. A domain hosted on that server that you can add DNS records to
  4. A good working backup of your server, or a snapshot backup

Once those items are ready we can start with the guide. 

Installing Certbot

To install Certbot onto the server, we will be using the repository maintained by the Certbot developers, as they have the most up-to-date version. To begin, add the repository:

sudo apt-add-repository ppa:certbot/certbot

You will need to press “Enter” to confirm that you would like to add the repository. Next, you will want to install Certbot. You will need to use this command:

sudo apt install certbot

Congratulations! You just installed Certbot onto your server. Unfortunately, that is not the end of this guide. Next, we will need to install acme-dns-certbot. 

Installing acme-dns-certbot

Now that you have Certbot installed on your server, you can install the acme-dns-certbot tool, which will allow you to acquire the Let’s Encrypt SSL.

First, you will need to download the tool by using this command:

wget https://github.com/joohoi/acme-dns-certbot-joohoi/raw/master/acme-dns-auth.py

After it is downloaded, you will need to make sure you can edit the script by running this:

chmod +x acme-dns-auth.py

Now you will need to edit the script. First, run this command:

nano acme-dns-auth.py

Then you will just need to change the first line by adding a 3 at the end, so that it calls python3 instead of python.

This just makes sure the script is using Python 3, the latest supported version. Now we just need to move the file to the Let’s Encrypt directory:

sudo mv acme-dns-auth.py /etc/letsencrypt/

Now that we have everything downloaded and installed we can get the Let’s Encrypt SSL on your domain.

Adding Let’s Encrypt SSL

You can now add the SSL to your specific domain by using the acme-dns-auth tool. You will run the initial script by running this command: 

sudo certbot certonly --manual --manual-auth-hook /etc/letsencrypt/acme-dns-auth.py --preferred-challenges dns --debug-challenges -d "*.your.domain" -d your.domain

Make sure to replace the “your.domain” section with your actual domain. Accept the actions by pressing “y”. After this is done, you should see an output like this:

Output from acme-dns-auth.py:
Please add the following CNAME record to your main DNS zone:
_acme-challenge.luke.ga CNAME d8f11caf-f510-4bcd-b84e-0cef385e3953.auth.acme-dns.io.

Waiting for verification…

You will add this CNAME to your domain’s DNS records. If you are using the Hostwinds DNS manager, add the record there.

After you have added the CNAME in your DNS manager, go back to your terminal and press “Enter” to validate the record. This should complete the process.
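Before pressing “Enter”, you can confirm that the CNAME is actually visible in DNS. The script below is an added example, not part of the original guide or of the acme-dns-certbot project; it assumes dig is installed, and the function names and the sample hook output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original guide or of acme-dns-certbot.
# Confirms the CNAME requested by acme-dns-auth.py is visible in DNS
# before you press Enter at Certbot's --debug-challenges pause.

# Constructed sample in the format the hook prints (placeholder values).
SAMPLE_OUTPUT='Output from acme-dns-auth.py:
Please add the following CNAME record to your main DNS zone:
_acme-challenge.example.com CNAME 00000000-0000-0000-0000-000000000000.auth.acme-dns.io.'

# Lowercase a DNS name and drop the trailing root dot.
normalise() {
    printf '%s\n' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//'
}

# Print "<record name> <target>" taken from the hook's instruction text.
parse_cname_instruction() {
    printf '%s\n' "$1" | awk '$2 == "CNAME" && $1 ~ /^_acme-challenge\./ {
        sub(/\.$/, "", $3); print $1, $3; exit }'
}

# Succeed only if the first line of a resolver answer ($2) is the target ($1).
cname_matches() (
    want=$(normalise "$1")
    got=$(normalise "$(printf '%s\n' "$2" | head -n 1)")
    [ -n "$got" ] && [ "$got" = "$want" ]
)

# Look the record up with dig and report. $1 is the saved hook output.
check_challenge() (
    set -f                                   # no globbing while splitting
    set -- $(parse_cname_instruction "$1")   # $1 = name, $2 = target
    [ "$#" -eq 2 ] || { echo "no CNAME instruction found" >&2; exit 2; }
    answer=$(dig +short CNAME "$1")
    if cname_matches "$2" "$answer"; then
        echo "OK: $1 -> $2"
    else
        echo "NOT READY: $1 answers '${answer:-nothing}', expected $2" >&2
        exit 1
    fi
)

# Live check only when a file holding the hook output is passed as $1.
if [ -n "${1:-}" ] && [ -f "$1" ]; then
    check_challenge "$(cat "$1")"
fi
```

Save the text printed by acme-dns-auth.py to a file and pass its path as the first argument to run the live lookup; a NOT READY result means the record has not been published or has not propagated yet.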

Congratulations! You have just added a Let’s Encrypt SSL to your domain for about 5 years, but how would you renew the certificate so it will not expire? You would just need to run this command:

sudo certbot renew

This will automatically renew any certificates that you currently have using Certbot. You will not need to add anything else to renew; this command will do everything for you.

Now you have a secure domain for as long as you keep running Certbot on your server. The current certificate that you just added to your domain will not expire for 5 years.
