Letsencrypt – SSL Certificates for everyone

May 17, 2017 - Guides, Linux, Security


In this guide I’ll explain how to create an SSL certificate with letsencrypt on Debian 8.



To enable HTTPS on your website, you need to get a certificate (a type of file) from a Certificate Authority (CA).

Letsencrypt is a CA, so it can issue SSL certificates for your websites.

Let’s start by setting up the necessary packages.


First fully update your system, not just to guarantee you have the necessary dependencies, but also to make sure you’re not exposed to vulnerabilities that have already been patched.

Security first!


sudo apt-get update && sudo apt-get upgrade


Now we will use the jessie-backports repository to install letsencrypt.

Issue the following commands to add the new repository and make apt-get aware of the new available repository:

echo 'deb jessie-backports main' | sudo tee /etc/apt/sources.list.d/backports.list


sudo apt-get update


Install the letsencrypt package:

sudo apt-get install python-certbot-apache -t jessie-backports


Note the “-t” argument I added: it selects jessie-backports as the target release, so the installation is made from that repository, avoiding conflicts with packages from other repositories.


Now I assume you have apache and firewall rules ready to accept SSL traffic; if not, you must take care of that first.

Now let’s set up a certificate. You can do this in 2 ways.

One way of doing it is by running the following command:


sudo certbot --apache


This will detect the domains configured in apache; you’ll just need to select the domains to set up a certificate for, and follow the steps.


Another way is to specify a domain. In this case I’m doing it for a dummy domain, like this:

sudo certbot --apache -d -d


In this case I’ve specified domain and, you will then have to follow some steps:

You’ll be asked for a contact email address and whether you want HTTPS access to be mandatory or to also allow HTTP.


You can then test the certificate by navigating to this address:


Your certificate is working!


Letsencrypt certificates have a short lifetime: they are only valid for 3 months.

To renew all your certificates, run the following command:

sudo certbot renew


Or, to renew only one specific domain:

sudo certbot renew -d


To automate this task, you can create a cronjob that renews all your certificates regularly:

30 2 * * 1 /usr/bin/certbot renew >> /var/log/le-renew.log


This runs at 02:30 every Monday and renews all the certificates that are about to expire.

Now what if you want to issue an SSL certificate to use on a remote apache server?


Easy: you have to use the “certonly” and “manual” parameters, like this:

certbot certonly --manual


Then follow the instructions, or pass all the parameters on the command line, like this:

certbot certonly --manual --manual-public-ip-logging-ok --email --agree-tos --domain --domain --rsa-key-size 2048


You will then need to place a file with a specific text on the remote webserver; when done, press enter to resume the process and finish the certificate creation.


Now that the certificate is created, you must copy the necessary files to the remote server and tell apache where they are.


Files are usually placed here: /etc/letsencrypt/live/. Copy the files to the remote server and make the necessary changes on apache.
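
The copy step above, as an added example (not code from the original post): the entries under /etc/letsencrypt/live/ are symlinks into ../../archive/, so they must be dereferenced before transfer, and the private key should never be left readable by other users. The function name stage_cert and the staging directory are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the original post): stage a certbot certificate
# for transfer to another Apache host.
#
# stage_cert LIVE_DIR DEST_DIR
#   LIVE_DIR  directory under /etc/letsencrypt/live/ for your domain
#   DEST_DIR  staging directory (assumed name) to sync to the remote server
stage_cert() {
    live=$1
    dest=$2
    if [ -z "$live" ] || [ -z "$dest" ]; then
        echo "usage: stage_cert LIVE_DIR DEST_DIR" >&2
        return 2
    fi
    # Entries in live/ are symlinks into ../../archive/. "-s" follows the
    # link, so a dangling link or an empty file is rejected before copying.
    for f in fullchain.pem privkey.pem; do
        if [ ! -s "$live/$f" ]; then
            echo "stage_cert: $live/$f is missing, dangling or empty" >&2
            return 1
        fi
    done
    (
        # Subshell so the strict umask does not leak into the caller.
        # With umask 077 nothing is group/world readable, even briefly.
        umask 077
        mkdir -p "$dest" || exit 1
        for f in fullchain.pem privkey.pem; do
            # cp -L copies the file the symlink points to, not the link.
            cp -L "$live/$f" "$dest/$f.tmp" || exit 1
            mv "$dest/$f.tmp" "$dest/$f" || exit 1
        done
        chmod 700 "$dest" || exit 1
        chmod 600 "$dest/privkey.pem" || exit 1   # private key: owner only
        chmod 644 "$dest/fullchain.pem"           # certificate chain is public
    )
}
```

After staging, transfer the directory over SSH and point Apache's SSLCertificateFile and SSLCertificateKeyFile directives at the copied files.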
