SSL certificates protect your visitors’ data, increase your search engine ranking and help establish trust with your audience.
You can install SSL certificates on your websites for free with Let’s Encrypt and Certbot from the Electronic Frontier Foundation.
Before you can install SSL certificates for your domains on your server, you need to create a DNS ‘A’ or ‘Address’ record for each of your domains at your domain registrar (e.g. GoDaddy, Amazon Route 53, etc.) that points at the IP address of your server. Certbot will check each domain to confirm that the ‘A’ or ‘Address’ record exists and that it points at your server before it will issue the SSL certificate.
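To check the ‘A’ records yourself before asking Certbot for certificates, the script below compares what each domain resolves to against your server's IP address. It is an added example, not part of the original tutorial; the function names, the script name and the sample IP and domains are assumptions, and it assumes a Linux system where `getent` is available.

```bash
#!/usr/bin/env bash
# Added example: pre-flight DNS check to run before requesting certificates.
# Function names are illustrative; IPs and domains in the usage line are
# constructed placeholders.

# Print the IPv4 addresses a name resolves to, one per line. This uses the
# system resolver, so /etc/hosts entries or a stale local cache can differ
# from what the certificate authority sees from the public internet.
resolve_a() {
    getent ahostsv4 "$1" | awk '{print $1}' | sort -u
}

# check_domain SERVER_IP DOMAIN
# Succeeds only if DOMAIN has A records and every one equals SERVER_IP.
check_domain() {
    local server_ip domain addrs addr status
    server_ip=$1; domain=$2; status=0
    addrs=$(resolve_a "$domain") || true
    if [ -z "$addrs" ]; then
        echo "FAIL $domain: no A record found"
        return 1
    fi
    for addr in $addrs; do
        if [ "$addr" != "$server_ip" ]; then
            echo "FAIL $domain: A record $addr is not $server_ip"
            status=1
        fi
    done
    if [ "$status" -eq 0 ]; then echo "OK   $domain -> $server_ip"; fi
    return "$status"
}

# check_domains SERVER_IP DOMAIN...
# Checks every domain (no early exit) and fails if any of them failed.
check_domains() {
    local server_ip domain failed
    server_ip=$1; failed=0
    shift
    for domain in "$@"; do
        check_domain "$server_ip" "$domain" || failed=$((failed + 1))
    done
    [ "$failed" -eq 0 ]
}

# Usage: ./check-dns.sh 203.0.113.10 example.com www.example.com
if [ "$#" -ge 2 ]; then
    check_domains "$@"
fi
```

A domain with several ‘A’ records is reported as failing if any one of them points somewhere other than your server, since the validation request could land on that other address.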
Install SSL Certificates with Certbot
ssh -i ~/.ssh/supernifty firstname.lastname@example.org RETURN
Install the Certbot software on the Apache web server:
sudo apt install certbot python3-certbot-apache RETURN
Install SSL certificates for each of your domains:
sudo certbot --apache RETURN
You’ll be asked for an email address for renewal and security notices, and you’ll need to accept the terms and conditions, etc.
If you have multiple domains configured on the server, it will display them as an ordered list and ask you which specific domain you’d like to work with. Either pick the domain you want to work with or leave the answer blank and it will attempt to install SSL certificates for all of them.
You’ll be asked if you’d like to redirect all traffic to your website(s) to https.
SSL certificates are designed to auto-expire in order to keep the encryption for your website up to date. When you first create an SSL certificate, Certbot sets a timer that auto-renews your SSL certificate every 3 months.
To confirm that the timer is working properly:
sudo systemctl status certbot.timer RETURN
to get a timer status report. When you’re finished, hit CONTROL-C to return to the command prompt.
To do a dry run of the SSL certificate renewal process:
sudo certbot renew --dry-run RETURN
and it will run through the paces of the renewal process without affecting the current SSL certificate you just installed.
After you’ve gone through the process above, you should be able to securely visit your websites via https.
Now you’re ready to install Fail2Ban which helps protect your server by automatically blocking any IP address that it sees malicious activity coming from.