Let’s encrypt


Get Certbot the linux client.

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

I recommend installing it in:

mv certbot-auto /opt/certbot-auto

Create an alias for it:

alias certbot-auto='/opt/certbot-auto'

Refresh bash:

. ~/.bash_profile


Allow HTTPS to your server:

Port 443

Enable SSL module:

sudo a2enmod ssl

Add your naked example.conf and www-example.conf.

Try letting certbot-auto setup everything. This will create both example-le-ssl.conf and www-example-le-ssl.conf .

certbot-auto --cert-name example.com -d example.com,www.example.com --apache --redirect

Edit example.conf and example-le-ssl.conf to redirect to https://www.example.com:

RewriteEngine on
RewriteCond %{SERVER_NAME} =example.com
RewriteRule ^ https://www.%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

Make sure your .htaccess (in your app’s root) doesn’t have any weird redirect. Otherwise you’ll get:

The client lacks sufficient authorization

Auto renew

The cert expires in 90 days. Create a crontab to check everyday:

0 5 * * * /opt/certbot-auto renew --quiet --no-self-upgrade
12 5 * * * /opt/certbot-auto renew --quiet --no-self-upgrade

Renewal will fail if there are any redirects from HTTP to HTTPS.


redirect http to https

certbot user guide


failed to fetch error occurs when apt-get update

  1. Check your Ubuntu release version.
    lsb_release -r
  2. Go to http://repogen.simplylinux.ch/ to generate a new sources.list
  3. Select your country & release
  4. Check the first 12 boxes
  5. Generate
  6. Backup the old file to sources.list before you try the new one.

Thank you RienNeVaPlus