This tutorial briefly covers creating new SSL certificates for your website.
To begin, we will install certbot, a simple script that automatically renews our certificates and makes creating them
much cleaner. The commands below are for Ubuntu distributions, but you can always check Certbot's official
site for installation instructions. Each command also installs certbot's NGINX or Apache plugin
so you won't have to stop your webserver.
NGINX:
sudo apt update
sudo apt install -y certbot python3-certbot-nginx
Apache:
sudo apt update
sudo apt install -y certbot python3-certbot-apache
After installing certbot, we need to generate a certificate. There are a couple of ways to do that, but the easiest
is to use the webserver-specific certbot plugin you just installed.
In the command below, replace example.com with the domain you would like to generate a certificate for.
If you have multiple domains you would like certificates for, simply add more -d anotherdomain.com flags to the
command. You can also look into generating a wildcard certificate, but that is not covered in this tutorial.
Since we are using certbot's NGINX/Apache plugin, you won't need to restart your webserver to have the certificate
applied (assuming that you've already configured the webserver to use SSL).
NGINX:
certbot certonly --nginx -d example.com
Apache:
certbot certonly --apache -d example.com
Standalone:
Use this if neither works. Make sure to stop your webserver first when using this method.
certbot certonly --standalone -d example.com
If you get an Insecure Connection or related error when trying to access your website, it is likely that the
SSL certificate has expired.
This can be easily fixed by renewing the SSL certificate, although the command certbot renew by itself
won't do the job, as it will give an error like:
Error: Attempting to renew cert (domain) from /etc/letsencrypt/renew/domain.conf produced an unexpected error
This will happen especially if you're running NGINX instead of Apache. The solution is to stop NGINX, renew the certificate, and then start NGINX again.
Stop NGINX:
systemctl stop nginx
Renew the certificate:
certbot renew
Once the process has completed, you can start the NGINX service:
systemctl start nginx
Stop apache2:
systemctl stop apache2
Renew the certificate:
certbot renew
Once the process has completed, you can start the apache2 service:
systemctl start apache2
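The stop, renew, start procedure above as one shell function, written so the webserver is started again even if certbot renew fails. This is an added example, not part of the original tutorial; the SYSTEMCTL and CERTBOT override variables and the return codes 64, 70 and 71 are choices made for this example.

```shell
#!/bin/sh
# Added example (not from the original tutorial): stop -> renew -> start,
# with the webserver started again even when the renewal itself fails.
# SYSTEMCTL and CERTBOT are overridable (an assumption made here so the
# logic can be exercised without touching a real server).
SYSTEMCTL="${SYSTEMCTL:-systemctl}"
CERTBOT="${CERTBOT:-certbot}"

# renew_with_restart SERVICE
# Returns: 0 on success, 64 for an unsupported service name,
#          70 if the webserver could not be stopped (nothing else is run),
#          71 if the webserver could not be started again,
#          otherwise the exit status of "certbot renew".
renew_with_restart() {
    service="$1"
    case "$service" in
        nginx|apache2) ;;
        *) echo "unsupported service: $service" >&2; return 64 ;;
    esac

    if ! "$SYSTEMCTL" stop "$service"; then
        echo "could not stop $service; renewal skipped" >&2
        return 70
    fi

    # Capture the status instead of aborting, so the start step always runs.
    renew_rc=0
    "$CERTBOT" renew || renew_rc=$?

    # Runs regardless of renew_rc: a failed renewal must not leave the site down.
    if ! "$SYSTEMCTL" start "$service"; then
        echo "could not start $service after renewal" >&2
        return 71
    fi

    [ "$renew_rc" -eq 0 ] || echo "certbot renew failed ($renew_rc)" >&2
    return "$renew_rc"
}

# Usage on a real host (as root): renew_with_restart nginx
```

Certbot's own --pre-hook and --post-hook options to certbot renew are an alternative: they run the stop and start commands only when a certificate is actually due for renewal.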