Installing free of charge SSL certificate

Submitted by Peter Majmesku on Mon, 08/29/2016 - 20:57

Installing free of charge SSL certificate from in Apache 2 webserver on Ubuntu 14.04. SSL certificates are cost-free nowadays. is providing a service which lets you get SSL certificates that are free and work in the common web browsers. The following commands must be executed on the same machine on which your webserver is running. Because must be allowed to access it. Download the certbot from and make the binary executable:

chmod a+x certbot-auto

Now temporary stop your Apache server, to download the certificates.

sudo service apache2 stop

Now run the certbot program to download the certificates:

./certbot-auto certonly

This program leads you trough a short form process within your terminal. Asking you for the domain you want to secure.

Mind the SSL certificate renewal

The SSL certificate is valid for 3 months. You will get notified about this via the terminal output from the certbot. It looks like this, if you have executed the "./certbot-auto certonly" command at 23.07.2016:

 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/ Your cert will
   expire on 2016-10-21. To obtain a new or tweaked version of this
   certificate in the future, simply run certbot-auto again. To
   non-interactively renew *all* of your certificates, run
   "certbot-auto renew"
 - If you like Certbot, please consider supporting our work by:
   Donating to ISRG / Let's Encrypt:
   Donating to EFF:          

There's an automatic way to accomplish the renewal. You can add this line to your crontab, to automatically re-new the certificates:

30 4 1 * * sudo service apache2 stop && ./certbot-auto renew --standalone && sudo service apache2 start

Enable the SSL certificate on your web server

Enable SSL in your Apache setup:

sudo a2enmod ssl

Now as you have the certificates, you can integrate them in your Apache 2 VHost configuration at /etc/apache2/sites-available/. Change "" to your domain name.

 SSLEngine on
   SSLCertificateFile    /etc/letsencrypt/live/
   SSLCertificateKeyFile /etc/letsencrypt/live/
   SSLCertificateChainFile /etc/letsencrypt/live/ 

Switch the virtual host port from 80 to 443. For this set the following in your Vhost configuration file: 

<VirtualHost *:80>


 <VirtualHost *:443>

Small tweak for SEO

Search engines expect that a web page can be accessed by only one address on your website. To redirect all requests from http to https and ensure that only will be requested and not "and", you can setup the redirect within your VHost file. Add this to the top of the configuration file for your virtual host: 

# Redirect all requests to SSL and ensure www. subdomain is re-directed, too.

<VirtualHost *:80>


Redirect /


<VirtualHost *:80>


Redirect /


<VirtualHost *:443>


Now restart Apache and happy SSL usage: 

sudo service apache2 restart

A complete Apache2 Vhost config file example:

<VirtualHost *:80>

VirtualHost *:80>

VirtualHost *:443>

    ServerAdmin webmaster

    SSLEngine on

<Directory /var/www/>
Options Indexes FollowSymLinks
            AllowOverride All
Require all granted

ErrorLog ${APACHE_LOG_DIR}/error.log
${APACHE_LOG_DIR}/access.log combined