Let’s Encrypt is an open certificate authority and provides free SSL Certificates. It’s popular for it’s simplicity to setup. It’s been founded by Mozilla, Cisco and many more.
The setup process is very simple, I have explained it in 3 steps:
In the bottom section I have also mentioned the problems I faced and the solutions that worked.
Make Sure that your website is running on Apache server configured through VirtualHosts and specifies ServerName
Step 1: You should specify ServerName by opening up the /etc/apache2/enabled-sites/000-default.conf
and uncomment the line #ServerName = example.com
in place of example.com put your own domain name
In case you want to give certificate to multiple sub-domains like example.com as well as www.example.com,
right below ServerName, give a ServerAlias
ServerAlias = www.example.com
Step 2: login to your Ubuntu Server and install Let’s Encrypt.
if you are logged-in as root user then run these commands without sudo
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-apache
Step 3: Now, we will use certbot to generate SSL certificate.
for single domain execute this command
sudo certbot --apache -d example.com
for giving certificate for multiple domains or subdomains
sudo certbot --apache -d example.com -d www.example.com
Note: if you have more than one domain pointing to a VirtualHost then
make others ServerAlias like shown in Step 1 before running this command.
After running the command, you will be asked to enter your email, and asked to choose between http and https redirection, Its recommended you choose https for all.
After the installation is finished you can find the generated certificate files at /etc/letsencrypt/live
Now, you can access your website with https
No need to read the rest if it worked for you.
Here are some problems I faced while following the above steps.
running this command:
certbot –apache -d example.com -d www.example.com
showed the following error:
We were unable to find a vhost with a ServerName or Address of www.example.com.
Which virtual host would you like to choose?
(note: conf files with multiple vhosts are not yet supported)
——————————————————————————-
1: 000-default.conf | example.me | | Enabled
2: 000-default-le-ssl.conf | example.me | HTTPS | Enabled
——————————————————————————
Solution:
in /etc/apache2/enabled-sites/000-default.conf
added a new line
ServerAlias = www.example.me
Note: I have already shown this in Step 1
Another error after correcting the first one was a Django Project wsgi related:
Action ‘configtest’ failed.
The Apache error log may have more information.
AH00526: Syntax error on line 14 of /etc/apache2/sites-enabled/000-default.conf:
Name duplicates previous WSGI daemon definition.
Rolling back to previous server configuration…
Solution:
followed this link:
https://github.com/certbot/certbot/issues/1820
and edited the 000-default.conf and commented out the first line
#WSGIDaemonProcess myproject python-path=/var/www/myenv:/var/www/myenv/lib/python2.7/site-packages
WSGIProcessGroup myprojectt
WSGIScriptAlias / /var/www/myenv/src/myproject/wsgi.py
now restarted apache server
and then again ran the same command
this time got no error!
then I uncommented it again and restarted server, this was necessary because I was getting Internal server error.
Note: in the 000-default-le-ssl.conf file which was generated by certbot, that line is still commented out but it doesn’t not give any problem so I don’t touch it 🙂