The good folks at the Let’s Encrypt project have made supporting encrypted connections ridiculously easy.
First install Certbot, the Let’s Encrypt client:
sudo apt install python-certbot-apache
Let Certbot obtain and install a domain validation certificate for your site(s):
sudo certbot --apache
Let’s Encrypt certificates last for 90 days but can be renewed automatically using the
sudo certbot renew
We can set up a cron job to run this command automatically. Edit the root user’s crontab using:
sudo crontab -e
Add the following line:
30 0 * * * /usr/bin/certbot renew
This will run the
renew command at 00:30 each day. Note that
renew only renews certificates that are actually expiring so running the command daily does not place an unnecessary burden on the Let’s Encrypt servers.