If you are going to set up a web server on a Raspberry Pi or any other computer (like a VPS), one of the things you will need is an SSL certificate.
The SSL certificate (Secure Sockets Layer) allows us to encrypt communications between the server and users, ensuring the security and privacy of data.
In addition to security, it enables the use of protocols like https or http2 (these require an SSL certificate), which are much faster and more efficient.
In other words, as of today, it is simply essential to have an SSL certificate. Otherwise, for example, users will see a warning when accessing our web pages.
Fortunately, we also have options to generate certificates easily and for free.
For example, today we will see how to obtain and install an SSL certificate using Let’s Encrypt, a free and automated certificate authority.
Prerequisites
First, we will assume you have a configured HTTP web server. That is, you have the following:
- Domain purchased (in the tutorial, I will call it midominio.com)
- Web server properly configured (either Apache or Nginx)
The server must be running, logically in HTTP (not HTTPS yet) because you do not have the SSL certificate yet.
But it is necessary to have the server running because during the process, the certification utility will check that the domain works correctly.
In summary, it does this by writing a small file on the server and checking that the file can be reached through the domain. It then deletes the file and leaves everything clean.
Additionally, it is advisable that our system is up to date. For that, we run the following commands.
sudo apt update
sudo apt upgrade
Install Certbot and the plugin for your web server
Certbot is the official Let’s Encrypt tool for obtaining SSL certificates. Depending on the web server you use (Apache or Nginx), choose the corresponding command:
For Apache:
sudo apt install certbot python3-certbot-apache
For Nginx:
sudo apt install certbot python3-certbot-nginx
Obtain an SSL certificate
With Certbot installed, we can obtain an SSL certificate. Again, the commands vary slightly depending on the web server you are using.
For Apache:
sudo certbot --apache -d midominio.com -d www.midominio.com
For Nginx:
sudo certbot --nginx -d midominio.com -d www.midominio.com
The -d parameter specifies the domains for which you want the certificate. We can add more domains by adding further -d entries, separated by spaces, if necessary.
It is common to generate the certificate for the domain with www and without www at a minimum.
During the process, Certbot will ask you for some confirmations, such as providing an email address for notifications and accepting the terms of service.
Certbot will also ask if you want to redirect all traffic to HTTPS. It is recommended to select this option to ensure that all connections are made securely.
Configure Automatic Certificate Renewal
Let’s Encrypt certificates are valid for 90 days. To renew them automatically, Certbot installs a cron job or systemd timer that runs twice a day and renews certificates that are about to expire.
To test the automatic renewal, run:
sudo certbot renew --dry-run
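As a complement to the dry run, the following added example (not part of the original tutorial and not Certbot's own code) reads the listing printed by sudo certbot certificates and flags certificates that are marked invalid or have few days left, which is how a silently failing renewal job shows up. It also checks that a given name, such as the www variant, is covered. The function names, the 20-day threshold and the abridged sample listing are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: check `certbot certificates` output for stalled renewals.
# On the server: sudo certbot certificates | check_certs 20

# Constructed, abridged sample in the layout `certbot certificates` prints.
sample_output() {
    cat <<'EOF'
Found the following certs:
  Certificate Name: midominio.com
    Domains: midominio.com www.midominio.com
    Expiry Date: 2030-03-01 10:00:00+00:00 (VALID: 59 days)
  Certificate Name: blog.midominio.com
    Domains: blog.midominio.com
    Expiry Date: 2030-01-14 10:00:00+00:00 (VALID: 12 days)
  Certificate Name: old.midominio.com
    Domains: old.midominio.com
    Expiry Date: 2029-12-01 10:00:00+00:00 (INVALID: EXPIRED)
EOF
}

# check_certs MIN_DAYS: one status line per certificate; returns 1 on any problem.
check_certs() {
    min_days=${1:-20}   # assumption: alert threshold chosen for this example
    awk -v min="$min_days" '
        /Certificate Name:/ { name = $3 }
        /Expiry Date:/ {
            status = $0                       # keep only the "(...)" part
            sub(/^[^(]*\(/, "", status); sub(/\).*$/, "", status)
            if (status ~ /^INVALID/) {        # expired, revoked or test cert
                print name, "PROBLEM", status; bad = 1
            } else if (status ~ /hour/) {     # less than one day left
                print name, "PROBLEM", "under a day left"; bad = 1
            } else {
                split(status, f, " ")         # f[1]="VALID:", f[2]=days
                if (f[2] + 0 < min) { print name, "PROBLEM", f[2] " days left"; bad = 1 }
                else                { print name, "OK", f[2] }
            }
        }
        END { exit bad + 0 }
    '
}

# covers_domain NAME: succeeds if some certificate lists NAME under "Domains:".
covers_domain() {
    awk -v want="$1" '
        /Domains:/ { for (i = 2; i <= NF; i++) if ($i == want) found = 1 }
        END { exit !found }
    '
}

sample_output | check_certs 20 || echo "renewal needs attention"
```

Run from a daily scheduled job, a non-zero exit from check_certs is the signal to look at the Certbot logs before the certificate actually expires.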
Verify the Configuration
After installation, verify that the certificate is correctly configured by visiting https://midominio.com in your browser.
You should see the security lock 🔒, indicating that the site is secured with HTTPS. Congratulations! You now have your SSL certificate working.