Score:0

Is certbot a good way to get https:// certificates?

es flag

I am setting up a cloud server using Ubuntu 20.04 Server.

I will never have many visitors, just my students doing homework.

I want to enable https:// access.

I found this page.

Is certbot a good way to go??

I have never done this before.

cocomac avatar
cn flag
_Good_ is subjective. But yes, [Let's Encrypt](https://letsencrypt.org/) is a good easy way to get a free SSL certificate and Certbot is a good command-line tool to get Let's Encrypt certificates. I suggest following the [official Certbot guide](https://certbot.eff.org/). Assuming you have an Apache web server running on Ubuntu 20.04, you can enter that in the official config tool, and [it will give you directions](https://certbot.eff.org/lets-encrypt/ubuntufocal-apache).
FedKad avatar
cn flag
I have been using Let's Encrypt since its first days and it works quite good. Thanks to LE, nowadays `https` has become the norm on the Web. The technicalities may seem a bit difficult at first sight (if you have not done something like this before), but follow the tutorials closely and you will manage to implement what you want.
ru flag
DO NOT add "Solved" and your 'solution' to the question, this is not a forum site. Simply accept the answer like you did, and continue on. I've reverted the question back to where it was before your latest 'solution' edits.
Score:5
cn flag

Good is subjective? Does it mean easy? Quick? Free? I think Let's Encrypt is good, but that is just my opinion.

Before I properly answer the question, I need to clarify something. Let's Encrypt is a free trusted certificate authority that issues SSL certificates. Certbot is the tool that Let's Encrypt recommends to actually get, and automatically set up, the certificates.

Let's Encrypt does have some issues, but for a small site ran by an Apache server, for a few people, it should be fine. If you are curious, take a look at this Security SE question that explains potential issues with Let's Encrypt.

To enable https://, you need to get a certificate trusted by your client's computers*.

There are plenty of guides out there, but I suggest the official one, as it is pretty good. I'm assuming you have SSH (or shell) access to your Apache server, and that it is publically accessible. Head over to the Cerbot website. Fill out what your server is running on. For this answer, I selected Apache and Ubuntu 20.04 based on your question, but you should select whatever is correct for you.

This is a shortened version of the directions from the Certbot guide for Apache on Ubuntu 20.04.

  1. Make sure Snap is installed. If you have Ubuntu 20.04 (or most supported versions of Ubuntu) it is. If not, check out these directions from the Snapcraft website.
  2. Run this to install the snap core and update if needed sudo snap install core && sudo snap refresh core
  3. Install Certbot sudo snap install --classic certbot
  4. Make sure it can be run by linking it to the /usr/bin folder sudo ln -s /snap/bin/certbot /usr/bin/certbot

If you want it to auto-install the certificate, run sudo certbot --apache. If you prefer to make the changes to the config file yourself, run sudo certbot certonly --apache. The Let's Encrypt certificates expire after 90 days. So, it can automatically renew them for you. Run sudo certbot renew --dry-run to test auto-renewal. If it works fine (without errors) then auto-renewal is good to go.

Reboot the server, and then your website should work with https.

*Technically, you could make your own, but it would display in their browsers that it isn't trusted, so you really shouldn't.

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.