Let’s encrypt


Get Certbot the linux client.

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

I recommend installing it in:

mv certbot-auto /opt/certbot-auto

Create an alias for it:

alias certbot-auto='/opt/certbot-auto'

Refresh bash:

. ~/.bash_profile


Allow HTTPS to your server:

Port 443

Enable SSL module:

sudo a2enmod ssl

Add your naked example.conf and www-example.conf.

Try letting certbot-auto setup everything. This will create both example-le-ssl.conf and www-example-le-ssl.conf .

certbot-auto --cert-name example.com -d example.com,www.example.com --apache --redirect

Make sure your .htaccess (in your app’s root) doesn’t have any weird redirect.

Auto renew

The cert expires in 90 days. Create a crontab to check everyday:

0 5 * * * /opt/certbot-auto renew --quiet --no-self-upgrade
12 5 * * * /opt/certbot-auto renew --quiet --no-self-upgrade

Renewal will fail if there are any redirects from HTTP to HTTPS.


redirect http to https

certbot user guide