1. Home
  2. Linux
  3. Ubuntu
  4. How to Install Let’s Encrypt with Apache on Ubuntu 16.04

How to Install Let’s Encrypt with Apache on Ubuntu 16.04

How to Install Let’s Encrypt with Apache on Ubuntu 16.04
How to Install Let’s Encrypt with Apache on Ubuntu 16.04


In this tutorial we will teach you how to install Let’s Encrypt with Apache on Ubuntu 16.04.

Let’s Encrypt is an open SSL Certificate Authority (CA) which offers free domain validated (DV) certificates for your websites. SSL Certificates are used to ensure a secure encrypted connection between a web server and a user’s web browser. SSL Certificates need to be issued by Let’s Encrypt and they are valid for 90 days. Note that they are the most trusted by many web browsers today.


To begin with the installation process, you are required to have Apache or Nginx installed on your server. If you have no web server installed on your virtual server, use the guide below to install Apache. You will also require a registered domain name with its record pointing to your server’s IP address. For the purpose of this guide we are going to use ‘yourdomain.com’

Step 1: Install CertBot

Execute the commands below.

sudo apt-get install software-properties-common python-software-properties
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-apache

Step 2: Install Let’s Encrypt SSL

Install Let’s Encrypt SSL certificate on your domain making sure to replace ‘yourdomain.com’ with your own domain.

sudo certbot --apache -d yourdomain.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter ‘c’ to
cancel): [email protected]

Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
(A)gree/(C)ancel: A

Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let’s Encrypt project and the non-profit
organization that develops Certbot? We’d like to send you email about EFF and
our work to encrypt the web, protect its users and defend digital rights.
(Y)es/(N)o: N

Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for linuxhostsupport.com
Waiting for verification…
Cleaning up challenges
Created an SSL vhost at /etc/apache2/sites-available/000-default-le-ssl.conf
Deploying Certificate for yourdomain.com to VirtualHost /etc/apache2/sites-available/000-default-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/000-default-le-ssl.conf

Step 3: Redirecting the HTTP traffic to HTTPS

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
1: No redirect – Make no further changes to the webserver configuration.
2: Redirect – Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you’re confident your site works on HTTPS. You can undo this
change by editing your web server’s configuration.
Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 2
Redirecting vhost in /etc/apache2/sites-enabled/000-default.conf to ssl vhost in /etc/apache2/sites-available/000-default-le-ssl.conf

Congratulations! You have successfully enabled https://yourdomain.com

Step 4: Reneweing the SSL certificate with a cron job

Create a cron job so the SSL certificate is renewed automatically. Execute the following commands.

crontab -e

After, append the following line.

0 0 1 * * /usr/bin/letsencrypt renew >> /var/log/letsencrypt-renew.log

Save and close the file, then restart the cron service so the changes take effect.

service cron restart
Open ‘https://yourdomain.com’ using the web browser of choice and verify if Let’s Encrypt SSL is installed correctly.
This is all, the Let’s Encrypt SSL certificate should now be installed successfully on your website.

Updated on December 23, 2018

Was this article helpful?

Related Articles

Leave a Comment

[apsl-login-lite login_text='Please login with a social account']