How to add a let’s encrypt SSL certificate to apache

We will show you how to setup a TLS/SSL certificate from Let's Encrypt on an Ubuntu server 16.04 running apache.

An SSL Certificate helps encrypt traffic between a web server and a web client. Let's Encrypt provides free trusted SSL certificates.

Ok, let's get down to it.

install let’s encrypt ssl on apache ubuntu

What we need:
- An up-to-date Ubuntu 16.04 server with a user account with sudo access.
- Apache web server installed and operational with at least one domain name/virtual host.

1- Let's install the Let's Encrypt client

Let's encrypt certificates are pulled by using a client software on your server, the client is called Certbot and their developers maintain their Ubuntu software repository.
Since Certbot's development is active it's best to use their repository to make sure we get the latest version available, so let's add the repository first by running "sudo add-apt-repository ppa:certbot/certbot" and hit ENTER as shown below:

letsencrypt certbot repository ubuntu

then "sudo apt-get update" to include the new repository's package information, as shown below:

letsencrypt certbot apt-get update

Let's now install Certbot from the new repository by running "sudo apt-get install python-certbot-apache -y" which will result in this:

letsencypt apt-get install certbot on ubuntu

After this we should have certbot let's encrypt client installed and ready to be used.

Let's now setup the SSL certificate using certbot.

It's a fairly simple process and the client will automaitcally obtain and install a new SSL certificate that is valid for the domains that we specify.

To run the interactive installation and obtain a certificate that covers a single domain let's run the certbot command "sudo certbot --apache -d", where is your domain, if the website is accessible and operational it should succeed:


If you want to install a single certificate that can be used for multiple domains or subdomains we can use additional parameters. The first domain name in the list will be the base domain used by Let's Encrypt to issue the certificate, so we recommend that you pass the top-level domain name as first in the list, followed by the reset of the subdomains by running the command:

# sudo certbot --apache -d -d

In this example the base domain is If you have multiple virtual hosts you should run certbot once for for every domain to generate the new certificate for each.

The generated certificate files are located in /etc/letsencrypt/live, you can verify the status of a certificate by going to the following link, make sure to adapt it to your domain name:

You should now be able to access your website with via https.

Let's now verify Certbot Auto-Renewal works:

Every Let's Encrypt certificate is valid for only 90 days, however, certbot takes care of renewing them by running "certbot renew" twice a day via systemd. If your linux distro doesn't have systemd this functionally is enabled by a cron script placed in /etc/cron.d.

To test the renewal process you can do a dry run with certbot by running:
   #sudo certbot renew --dry-run

If no errors are reported then you're good. 

With this guide we learned how to install and configure let's encrypt which enables us to install free SSL certificates to secure our websites running on Apache.

If you have a project in mind and need a KVM VPS to run it on make sure to check out our plans at and use coupon code ONTUTORIALS for a recurring discount!

  • ssl certificate, let’s encrypt, apache, ubuntu, free ssl
  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

How to change maximum upload size in php.ini

  There are a few common errors that occur in Wordpress and other PHP-based programs that use...

How to change the primary IP address of a cPanel server

Steps in WHM: Log into WHM and go to Basic cPanel & WHM Setup Change the Primary IP here...

How to install WordPress with Docker on Ubuntu 16.04

Before we start, it is necessary to install Docker and Docker Compose. On Ubuntu 16.04, this can...

How to enable the gzip/deflate in nginx server on a Linux or Unix system

Ever thought of enabling gzip compression on nginx web server for JS/CSS/HTML files? Here is...

How to Upgrade Kernel to Latest Version in Ubuntu

It is important to keep your systems up-to-date, here we'll show you how to upgrade your kenerl...