When developing your website, it can be beneficial to install an SSL as soon as possible. The reason to do this could be:
There are many reasons why you would want to have an SSL installed on your site. In this guide, we will be going through acquiring a Let's Encrypt SSL with Certbot. We will be using the acme-dns-certbot tool within Certbot to complete this task.
There are a couple of things that you will need before beginning with this guide.
Once those items are ready, we can start with the guide.
To install Certbot onto the server, we will be using the repository maintained by the Certbot developers as they have the most up-to-date version. To begin, add the repository:
sudo apt-add-repository ppa:certbot/certbot
Press "Enter" to confirm that you would like to add the repository. Next, install Certbot with this command:
sudo apt install certbot
Congratulations! You just installed Certbot onto your server. Unfortunately, that is not the end of this guide. Next, we will need to install acme-dns-certbot.
Now that you have Certbot installed on your server, you can install the acme-dns-certbot tool, which will allow you to acquire the Let's Encrypt SSL.
First, you will need to download the tool by using this command:
After it is downloaded, you will need to make the script executable by running this:
chmod +x acme-dns-auth.py
Now you will need to edit the script. First, run this command:
sed -i 's/python/python3/' acme-dns-auth.py
Verify the changes were made.
It should now look something like this:
This makes sure the script is using Python 3, the latest supported version. Now we need to move the file to the Let's Encrypt directory:
sudo mv acme-dns-auth.py /etc/letsencrypt/
Now that we have everything downloaded and installed, we can get the Let's Encrypt SSL on your domain.
You can now add the SSL to your specific domain by using the acme-dns-auth tool. You will run the initial script by running this command:
sudo certbot certonly --manual --manual-auth-hook /etc/letsencrypt/acme-dns-auth.py --preferred-challenges dns --debug-challenges -d '*.your.domain' -d your.domain
You will need to replace "your.domain" in the command with your actual domain. Make sure to accept the actions by pressing "y". After this is done, you should see an output like this:
Please add the following CNAME record to your main DNS zone: _acme-challenge.luke.ga CNAME d8f11caf-f510-4bcd-b84e-0cef385e3953.auth.acme-dns.io.
Waiting for verification…
You will add this CNAME record to your domain's DNS records. If you are using Hostwinds DNS manager, it should look something like this:
After adding the CNAME to your DNS manager, you will need to go back to your terminal and press "Enter" to validate the record. This should complete the process.
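The CNAME hands DNS-01 validation for the domain to whoever controls the target name, so it is worth confirming that the published record matches the hook's output exactly before pressing "Enter". The script below is an added example, not part of the original guide or the acme-dns-certbot project; it assumes `dig` is installed and the one-line prompt format shown above, and its function names are made up for illustration.

```bash
#!/bin/sh
# Added example (not from the guide or acme-dns-certbot): check the
# _acme-challenge CNAME before pressing Enter. Function names are hypothetical.

# Lower-case a DNS name and drop the trailing root dot so names compare equal.
normalize_name() {
    printf '%s\n' "$1" | tr '[:upper:]' '[:lower:]' | sed 's/\.$//'
}

# Extract "<record-name> <target>" from the hook's one-line prompt
# (format assumed to match the output shown above).
parse_hook_line() {
    printf '%s\n' "$1" | sed -n \
      's/.*zone:[[:space:]]*\([^[:space:]]*\)[[:space:]]\{1,\}CNAME[[:space:]]\{1,\}\([^[:space:]]*\).*/\1 \2/p'
}

# Compare the expected target with a resolver answer.
# Returns 0 = match, 1 = points somewhere else, 2 = no record published.
cname_matches() {
    [ -n "$2" ] || return 2
    first=$(printf '%s\n' "$2" | head -n 1)
    [ "$(normalize_name "$first")" = "$(normalize_name "$1")" ]
}

# Live check: needs dig (dnsutils) and network access.
check_delegation() {
    pair=$(parse_hook_line "$1")
    [ -n "$pair" ] || { echo "could not parse hook output" >&2; return 3; }
    name=${pair%% *}
    target=${pair#* }
    answer=$(dig +short "$name" CNAME)
    rc=0
    cname_matches "$target" "$answer" || rc=$?
    case $rc in
        0) echo "OK: $name -> $target" ;;
        2) echo "MISSING: no CNAME published for $name yet" ;;
        *) echo "MISMATCH: $name -> $answer (expected $target)" ;;
    esac
    return "$rc"
}

# Run only when the hook's line is passed as the first argument.
if [ "$#" -gt 0 ]; then
    check_delegation "$1"
fi
```

Pass the full line printed by the hook as a single quoted argument; an exit status of 0 means the record is published and points at the expected target.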
Congratulations! You have just added a Let's Encrypt SSL to your domain for about 5 years, but how would you renew the certificate so it will not expire? You would need to run this command:
sudo certbot renew
This will automatically renew any certificates that you currently have using Certbot. You will not need to add anything else to renew. This command will do everything for you.
Now you have a secure domain for as long as you keep running Certbot on your server. The current certificate that you just added to your domain will not expire for 5 years.
Written by Luke Johnston / June 19, 2020