__ __       _______ _______ _______ ___ _______ ___     _______ _______ 
 .--|  |  |_    |   _   |   _   |       |   |   _   |   |   |   _   |   _   |
 |  _  |   _|   |.  1   |.  l   |.|   | |.  |.  1___|.  |   |.  1___|   1___|
 |_____|____|   |.  _   |.  _   `-|.  |-|.  |.  |___|.  |___|.  __)_|____   |
                |:  |   |:  |   | |:  | |:  |:  1   |:  1   |:  1   |:  1   |
                |::.|:. |::.|:. | |::.| |::.|::.. . |::.. . |::.. . |::.. . |
                `--- ---`--- ---' `---' `---`-------`-------`-------`-------'
                                                                             

Installing Let's Encrypt On Your Ubuntu Server

By Derek Taylor at January 4, 2020

Downloading Let's Encrypt

Log into your server. At the command line, let's update our system before installing any software:

apt update

apt upgrade

Then install git if it's not already installed.

apt install

Download a clone of Let's Encrypt from their GitHub repository. It is standard practice to install third-party packages to /opt, so you should place it there.

git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt

Navigate to the /opt/letsencrypt directory that was created.

cd /opt/letsencrypt

Creating The SSL Certificate

Run Let's Encrypt for your domain requiring the certificate. Note that we did this for two domains–one with the www prefix and one without.

./letsencrypt-auto certonly --standalone -d example.com -d www.example.com

You will be asked for an email address to regain control of a lost certificate and receive urgent security notices. Agree to the Terms of Service. You may be asked if you wish to share your email address with the Electronic Frontier Foundation (feel free to say “no” if you wish).

If everything worked properly, you should receive a message similar to the following:

    IMPORTANT NOTES:
    - If you lose your account credentials, you can recover them through
    e-mails sent to somebody@example.com.
    - Congratulations! Your certificate and chain have been saved at
    /etc/letsencrypt/live/example.com/fullchain.pem. Your
    cert will expire on 2020-03-31. To obtain a new version of the
    certificate in the future, simply run Let's Encrypt again.
    - Your account credentials have been saved in your Let's Encrypt
    configuration directory at /etc/letsencrypt. You should make a
    secure backup of this folder now. This configuration directory will
    also contain certificates and private keys obtained by Let's
    Encrypt, so making regular backups of this folder is ideal.
    - If you like Let's Encrypt, please consider supporting our work by
    Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
    Donating to EFF: https://eff.org/donate-le

You may want to use Certbot with Let's Encrypt

Certbot (https://certbot.eff.org/) is a free, open source software tool for automatically using Let’s Encrypt certificates. One of the neat things about Certbot is that when you create your certificate using this tool, it automatically creates a cron job for renewing your certificate. How sweet is that! The Certbot tool is made by the EFF.