Let's Encrypt SSL Certificates with Certbot for Debian 9

Let's Encrypt has been the engine to push SSL adoption, with simple, free and well accepted SSL certificates.

On top of improved security/privacy, It is no secret that Google itself promote HTTPS website over HTTP, which now became an important factor for Search Engine Optimization (SEO).

The installation on Debian is still pretty simple, but changed in the last year (my previous article is thus depreciated). Here is how to setup SSL certificates for your website, using Let's Encrypt.

You can find the official doc here and if you are using Debian 9 like me, here is how to do.

1) Add backports repo to your sources list

Modify your sources.list:

sudo nano /etc/apt/sources.list

and add

deb http://ftp.debian.org/debian jessie-backports main Save and update your packages list'

sudo apt update

2) Install Certbot

Now install certbot from the backports:

sudo apt install python-certbot-apache -t stretch-backports

3) Generate the SSL certificates and configurations

Run:

sudo certbot --installer apache

You will have a list of options to select, such as the authenticator (I used the beta version of apache authenticator, works well, option 1) Then you need to select the list of virtualhost to add SSL certificates and select if you want to force HTTPS or not. (Yes in my case)

Once done, reload apache

systemctl reload apache2

4) Automate Renewal

Before that your certificate expire, you will need to renew it. Let's automate this ;)

sudo crontab -e

And add

@daily certbot renew --quiet

That's it!