Let's Encrypt has been the engine to push SSL adoption, with simple, free and well accepted SSL certificates.
On top of improved security/privacy, It is no secret that Google itself promote HTTPS website over HTTP, which now became an important factor for Search Engine Optimization (SEO).
The installation on Debian is still pretty simple, but changed in the last year (my previous article is thus depreciated). Here is how to setup SSL certificates for your website, using Let's Encrypt.
You can find the official doc here and if you are using Debian 9 like me, here is how to do.
1) Add backports repo to your sources list
Modify your sources.list:
sudo nano /etc/apt/sources.list
deb http://ftp.debian.org/debian jessie-backports main Save and update your packages list'
sudo apt update
2) Install Certbot
Now install certbot from the backports:
sudo apt install python-certbot-apache -t stretch-backports
3) Generate the SSL certificates and configurations
sudo certbot --installer apache
You will have a list of options to select, such as the authenticator (I used the beta version of apache authenticator, works well, option 1) Then you need to select the list of virtualhost to add SSL certificates and select if you want to force HTTPS or not. (Yes in my case)
Once done, reload apache
systemctl reload apache2
4) Automate Renewal
Before that your certificate expire, you will need to renew it. Let's automate this ;)
sudo crontab -e
@daily certbot renew --quiet