Configuring the free SSL provider for your HTTP server is now a critical task for any site owner. This guide outlines the core configurations to set up a valid certificate using the official ACME client.
Prerequisites and Initial Setup
Before starting the configuration, confirm your server has a DNS record pointing to it. You will need sudo privileges and a web server like Caddy. The Certbot package must be installed via your OS repository. For example, run `sudo apt install certbot` on Debian or Ubuntu, or `sudo yum install certbot` on CentOS.
Obtaining the Certificate
The most common method is to use the webroot plugin. For Apache or Nginx, the `--apache` or `--nginx` plugin can automatically modify your server configuration. For Apache, run: `sudo certbot --apache -d example.com -d www.example.com`. This initiates the verification process. If you prefer manual control, use: `sudo certbot certonly --webroot -w /var/www/html -d example.com`. This creates a validation file in your web directory.
Web Server Configuration Adjustments
After receiving the certificate, you must modify your site configuration to point to the correct paths. For Apache, the usual directives are:
- SSLCertificateFile: `/etc/letsencrypt/live/example.com/fullchain.pem`
- SSLCertificateKeyFile: `/etc/letsencrypt/live/example.com/privkey.pem`
Ensure you enable redirection from HTTP to HTTPS. A 301 redirect is best practice. For Nginx, include a `return 301 https://$host$request_uri;` in the HTTP server block; for Apache, use `RewriteEngine On` with a `RewriteRule`.
Automated Renewal and Verification
Let's Encrypt certificates are valid for 90 days. Certbot sets up a cron job to update them automatically. To test the renewal process, run: `sudo certbot renew --dry-run`. Monitor your server logs for warnings. If the renewal does not work, check for firewall issues.
Security Hardening (Optional but Recommended)
To improve security, enable HTTP Strict Transport Security (HSTS) by adding `add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;` in your server block. Also, disable TLS 1.0 and enable modern ciphers. A solid configuration secures your clients from vulnerabilities.
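The certificate paths, redirect, HSTS header and protocol settings from this guide combined into one Nginx configuration, as an added example that is not part of the original guide. It assumes the `example.com` names and `/var/www/html` webroot used above, a certificate issued for both names, and a cipher list chosen here for illustration.

```nginx
# Port 80: answer ACME HTTP-01 challenges from the webroot, redirect the rest.
server {
    listen 80;
    listen [::]:80;
    server_name example.com www.example.com;

    # certbot's webroot plugin writes validation files under
    # <webroot>/.well-known/acme-challenge/ (the directory passed with -w).
    location /.well-known/acme-challenge/ {
        root /var/www/html;
    }

    location / {
        return 301 https://$host$request_uri;
    }
}

# Port 443: serve the site with the Let's Encrypt certificate.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name example.com www.example.com;
    root /var/www/html;

    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    # TLS 1.0 and 1.1 are not listed, so they are disabled.
    ssl_protocols TLSv1.2 TLSv1.3;
    # Assumed cipher list for TLS 1.2: ECDHE key exchange with AEAD suites only.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers off;

    # HSTS is sent only over HTTPS; "always" adds it to error responses too.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
}
```

Check the syntax with `sudo nginx -t` before reloading Nginx.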
By following these steps, your site will be secured with an automated Let's Encrypt certificate, providing trust for every connection.