First, let’s make sure our package manager is up to date.
#apt update -y && apt upgrade -y #apt install snapd -y #snap install core #snap refresh core
Now, we can install certbot.
#snap install --classic certbot
Prepare the certbot command, so it can be ran from the command line.
#ln -s /snap/bin/certbot /usr/bin/certbot
Finally run de certbot to start and follow the instructions on screen.
#certbot --apache
#certbot --apache root@servero:/etc/fail2ban/action.d# certbot --apache Saving debug log to /var/log/letsencrypt/letsencrypt.log Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel): [email protected] - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf. You must agree in order to register with the ACME server. Do you agree? - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (Y)es/(N)o: Y - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Would you be willing, once your first certificate is successfully issued, to share your email address with the Electronic Frontier Foundation, a founding partner of the Let's Encrypt project and the non-profit organization that develops Certbot? We'd like to send you email about our work encrypting the web, EFF news, campaigns, and ways to support digital freedom. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (Y)es/(N)o: Y Account registered. Please enter the domain name(s) you would like on your certificate (comma and/or space separated) (Enter 'c' to cancel): domainname.com Requesting a certificate for domainname.com Successfully received certificate. Certificate is saved at: /etc/letsencrypt/live/domainname.com/fullchain.pem Key is saved at: /etc/letsencrypt/live/domainname.com/privkey.pem This certificate expires on 2023-08-25. These files will be updated when the certificate renews. Certbot has set up a scheduled task to automatically renew this certificate in the background. Deploying certificate Successfully deployed certificate for domainname.com to /etc/apache2/sites-available/000-default-le-ssl.conf Congratulations! You have successfully enabled HTTPS on https://domainname.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - If you like Certbot, please consider supporting our work by: * Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate * Donating to EFF: https://eff.org/donate-le - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - root@servero:/etc/fail2ban/action.d#
Check if Certbot SSL Certificates config already added to apache conf
#ls -la /etc/apache2/sites-available/ total 24 drwxr-xr-x 2 root root 4096 May 27 07:29 . drwxr-xr-x 8 root root 4096 May 27 07:29 .. -rw-r--r-- 1 root root 1467 May 27 07:29 000-default.conf -rw-r--r-- 1 root root 1547 May 27 07:29 000-default-le-ssl.conf -rw-r--r-- 1 root root 6338 Apr 21 22:01 default-ssl.conf
Check by open the 000-default-le-ssl.conf
#vim 000-default-le-ssl.conf <IfModule mod_ssl.c> <VirtualHost *:443> ServerAdmin webmaster@localhost DocumentRoot /var/www/html ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined ServerName domainname.com SSLCertificateFile /etc/letsencrypt/live/domainname.com/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/domainname.com/privkey.pem Include /etc/letsencrypt/options-ssl-apache.conf </VirtualHost> </IfModule>
source: https://msmtech.ca/blog/guides/how-to-install-an-ssl-certificate-with-certbot-on-ubuntu-and-apache/
Test automatic renewal
The Certbot packages on your system come with a cron job or systemd timer that will renew your certificates automatically before they expire. You will not need to run Certbot again, unless you change your configuration. You can test automatic renewal for your certificates by running this command:
sudo certbot renew --dry-run
The command to renew certbot is installed in one of the following locations:
/etc/crontab/
/etc/cron.*/*
systemctl list-timers
Remove certbot using snap
If you have installed certbot using snap, this will work perfectly to remove
#sudo snap remove certbot