FabLab Kamp-Lintfort

letsencrypt is a free SSL certificate that can be installed in any website.
The certificate must be renewed every 3 months, and that can either be done manually or automatically with a script on the server.

More information on letsencrypt can be found here:
https://letsencrypt.org/

And certbot is found here:
https://certbot.eff.org/

The procedure we followed is reported from the certbot website, here https://certbot.eff.org/instructions.
Our server specifications are Ubuntu 16.04 (xenial) and apache.

1 SSH into the server

SSH into the server running your HTTP website as a user with sudo privileges.

2 Install snapd

You'll need to install snapd and make sure you follow any instructions to enable classic snap support.
Follow these instructions on snapcraft's site to install snapd: https://snapcraft.io/docs/installing-snapd

3 Ensure that your version of snapd is up to date

Execute the following instructions on the command line on the machine to ensure that you have the latest version of snapd.

sudo snap install core; sudo snap refresh core

4 Remove certbot-auto and any Certbot OS packages

If you have any Certbot packages installed using an OS package manager like apt, dnf, or yum, you should remove them before installing the Certbot snap to ensure that when you run the command certbot the snap is used rather than the installation from your OS package manager.
The exact command to do this depends on your OS, but common examples are sudo apt-get remove certbot, sudo dnf remove certbot, or sudo yum remove certbot.

If you previously used Certbot through the certbot-auto script, you should also remove its installation by following the instructions here https://certbot.eff.org/docs/uninstall.html

5 Install Certbot

Run this command on the command line on the machine to install Certbot.

sudo snap install –classic certbot

6 Prepare the Certbot command

Execute the following instruction on the command line on the machine to ensure that the certbot command can be run.

sudo ln -s /snap/bin/certbot /usr/bin/certbot

7 Choose how you'd like to run Certbot

Either get and install your certificates…
Run this command to get a certificate and have Certbot edit your Apache configuration automatically to serve it, turning on HTTPS access in a single step.

sudo certbot –apache

Or, just get a certificate

If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, run this command.

sudo certbot certonly –apache

8 Set the certificate on auto renew

Open crontab as sudo:

sudo crontab -e

Use the following command to execute the autorenw every day at noon:

0 12 * * * /usr/bin/certbot renew –quiet