Install Let’s Encrypt
Install Git
apt-get install git
Install Certbot
cd /opt
git clone https://github.com/certbot/certbot
Stop Apache
service apache2 stop
Generate certificate
cd /opt/certbot/
./certbot-auto certonly --standalone --rsa-key-size 4096 -d domain.xx -d www.domain.xx
Certificates and key are now installed in /etc/letsencrypt/live/domain.xx
ls -al /etc/letsencrypt/live/domain.xx
- cert.pem
- chain.pem
- fullchain.pem
- privkey.pem
Add certificate to Apache webserver
vi /etc/apache2/sites-available/domain.xx.conf
SSLEngine on
# SSLCertificateFile /var/www/clients/client3/web8/ssl/domain.xx.crt
# SSLCertificateKeyFile /var/www/clients/client3/web8/ssl/domain.xx.key
SSLCertificateFile /etc/letsencrypt/live/domain.xx/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domain.xx/privkey.pem
Redirect http to https
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Start Apache
service apache2 start
Renew certificate
/opt/certbot/certbot-auto renew
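A check to run on the vhost file before starting Apache, as an added example that is not part of the original page: it confirms that the active (uncommented) directives point at fullchain.pem and privkey.pem in the live directory of the expected domain and that the HTTP to HTTPS redirect is present. The function names directive and check_vhost are hypothetical, and the sample config is constructed.

```sh
#!/bin/sh
# Added example, not from the original page; function names are hypothetical.

# Print the last active value of directive $2 in file $1 (comment lines skipped).
directive() {
    awk -v d="$2" '$1 !~ /^#/ && tolower($1) == tolower(d) { v = $2 }
                   END { gsub(/"/, "", v); print v }' "$1"
}

# check_vhost FILE DOMAIN: print each problem; exit status = number of problems.
check_vhost() {
    conf=$1; live="/etc/letsencrypt/live/$2"; bad=0
    fail() { echo "FAIL: $*"; bad=$((bad + 1)); }

    case $(directive "$conf" SSLEngine) in
        [Oo][Nn]) ;;
        *) fail "SSLEngine is not on" ;;
    esac

    cert=$(directive "$conf" SSLCertificateFile)
    case $cert in
        "$live/fullchain.pem") ;;
        "$live/cert.pem")   # leaf only: the chain must then be given separately
            [ "$(directive "$conf" SSLCertificateChainFile)" = "$live/chain.pem" ] ||
                fail "cert.pem without chain.pem; use fullchain.pem" ;;
        *) fail "SSLCertificateFile is '$cert', expected $live/fullchain.pem" ;;
    esac

    key=$(directive "$conf" SSLCertificateKeyFile)
    [ "$key" = "$live/privkey.pem" ] ||
        fail "SSLCertificateKeyFile is '$key', expected $live/privkey.pem"

    # The HTTP to HTTPS redirect: an active condition plus an https:// target.
    grep -Eq '^[[:space:]]*RewriteCond[[:space:]]+%\{HTTPS\}[[:space:]]+off' "$conf" &&
        grep -Eq '^[[:space:]]*RewriteRule[[:space:]].*https://' "$conf" ||
        fail "no active HTTP to HTTPS redirect"

    return "$bad"
}

# Constructed sample: a vhost still pointing at the pre-Let's Encrypt files.
sample=$(mktemp)
cat > "$sample" <<'EOF'
SSLEngine on
SSLCertificateFile /var/www/clients/client3/web8/ssl/domain.xx.crt
SSLCertificateKeyFile /var/www/clients/client3/web8/ssl/domain.xx.key
EOF
check_vhost "$sample" domain.xx || echo "problems found: $?"
rm -f "$sample"
```

Call it as check_vhost /etc/apache2/sites-available/domain.xx.conf domain.xx; a non-zero exit status is the number of problems found.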
See also
- Let’s Encrypt homepage
- SSL server test: SSLLabs Server Test
- Mozilla SSL Configuration Generator
- CipherScan: a very simple way to find out which SSL ciphersuites are supported by a target.