Skip to content

SSL Certificate guide

This document introduces the steps how to get an SSL certificate that verifies the identity of a website and allows an encrypted connection.

Original Author: Matti Saarelma & Samuli Ylönen

1 Introduction#

This document introduces the steps how to get an SSL certificate that verifies the identity of a website and allows an encrypted connection. SSL-certificate is a digital certificate that verifies the identity of a website and enables an encrypted connection.

"SSL stands for Secure Sockets Layer, a security protocol that creates an encrypted link between a web server and a web browser." Source: https://www.kaspersky.com/resource-center/definitions/what-is-a-ssl-certificate

2 Certbot#

A simple way to create a certificate is to do it using Certbot.

Many hosting providers have built-in tools for deploying HTTPS. Before using Certbot, check if your service provider is one of them.

Certbot is a free, open source software tool for automatically using Let’s Encrypt certificates on manually-administrated websites to enable HTTPS.

Source: https://certbot.eff.org

3 Example Apache server over 20.04 Ubuntu#

Basic steps to get Apache service to 20.04 Ubuntu:#

sudo apt update
sudo apt install apache2
sudo ufw allow 'Apache'
sudo systemctl status apache2

to see that Apache server is running correctly

STEP 2: Find your dns:#

Resolve your IP address using dig.

dig +short myip.opendns.com @resolver1.opendns.com

Check in browser that your service is running.

Resolve your DNS address for your certificate with nslookup.

nslookup + IP-address

STEP 3: Use Certbot to get SSL-certificate:#

Go to: https://https://certbot.eff.org

Select software that you are using:

And pick your system:

At first make sure that you have snap installed on your system. If you are running Ubuntu 16.04 LTS or later, you don’t need to do anything, snap is already installed and ready to go.

Ensure that you have latest version of snap:

sudo snap install core; sudo snap refresh core

Run this command on the command line on the machine to install Certbot:

sudo snap install --classic certbot

To ensure that the certbot command can be executed:

sudo ln -s /snap/bin/certbot /usr/bin/certbot

Get and install your certificates:

sudo certbot --apache

Agree terms of service:

Enter email address for renewal and security notices:

Enter your service domain name, notice IP address do not work:

You have successfully enabled HTTPS on your service.

After enabled Certificate refresh your service in browser. The connection is secure and verifed by Let's Encrypt

Certbot packages comes with a cronjob or a systemd timer that automatically renews certificates before they expire.

So you do not need to run Certbot again unless you change your configuration.

To test for automatic certificate renewals, run the following command:

sudo certbot renew --dry-run