How to install free ssl in Apache Ubuntu | Digital Ocean Tutorial

By Parth Patel on Aug 15, 2016

As you may know, Google gives more importance to sites who are secured with  TLS/SSL and thus to rank up well and have trusted branding, almost everyone needs ssl. Usually ssl certificates cost a lot but there are some free ssl providers who does the great job. But dilemma is How to install ssl in apache in your VPS server. Many are still using shared hosting though, to them I will suggest Digital Ocean as they provide affordable yet high performance hosting.

install ssl digital ocean

If you don't know how to configure digital ocean or other vps hosting you can use Server Avatar which is free service which lets you configure your server with few clicks.

Here I will be showing How to configure Free SSL provided by Let's Encrypt in your Apache server.

Follow below given steps to install ssl using ssh in apache ubuntu

Install Free SSL Certificate in Apache Ubuntu 14.04


  • An Apache Ubuntu 14.04 VPS server with access to SSH
  • One or more domains configured on the server
  • A cup of coffer ;)


  • Open SSH terminal and log in. Simply write following commands and press enter to run command
  • Install server dependencies by running this command:
    • sudo apt-get update
  • Install git to install Let’s Encrypt client:
    • sudo apt-get install git
  • Now install Let's Encrypt Client. Here we will clone the Let’s Encrypt repository under /opt which is standard directory for keeping 3rd party software
  • Now go to let's encrypt directory:
    • cd /opt/letsencrypt
  • Now access the ssl certificate and install (replace with your domain)
    • Install on one domain :  ./certbot-auto --apache -d
    • Install on multiple domain(Recommended) : ./certbot-auto --apache -d -d
  • That's it!! You can check the status using

Install Free SSL Certificate in Apache Ubuntu 16.04


  • An Apache Ubuntu 16.04 VPS server with access to SSH
  • One or more domains configured on the server
  • A cup of coffer ;)


  • With the latest 16.04 ubuntu installation, you no longer need to download the certbot client. Certbot is packaged with your Ubuntu system.
  • Execute following command to install
    • sudo apt-get install python-letsencrypt-apache
    • letsencrypt --apache -d -d
  • That's it!

Automate SSL Certificate Renewal on Ubuntu

Let's Encrypt SSL Certificates are valid for 90 days only and it needs to renewed but they do provide renewal command and thus you can  automate the SSL renewal task by creating a cron job. If you don't know what is cron job, don't worry just execute the commands, it will take care.

Now to create a new cron job, you need to edit the crontab. For that, run following command as root

sudo crontab -e

Include the following command in one line:

30 5 * * 3 /opt/letsencrypt/certbot-auto renew >> /var/log/le-renew.log

 Here Each line has five time-and-date fields  separated by spaces. The five time-and-date fields are as follows: minute (0-59), hour (0-23, 0 = midnight), day (1-31), month (1-12), weekday (0-6, 0 = Sunday).

Thus you can change the cron job to any time and it will periodically check for renewal at that time.

Save and exit. ( Press Ctrl + X)

Notes for Cloudflare Users

To perform above installation, you first need to disable/pause cloudflare and then execute above commands. After then, you can enable/continue cloudflare with full strict ssl option too.

Only problem is, automatic renewal won't work with cloudflare so when expiry date will be near, letsencrypt will send you email about the expiration notice.

Execute below steps for Ubuntu 14.04

  • Just disable the cloudflare again
  • Go to /opt/letsencrypt/ (execute cd /opt/letsencrypt/)
  • Run
    .certbot-auto renew

Execute below steps for Ubuntu 16.04

  • Just disable the cloudflare again
  • Run
    letsencrypt renew

Thanks for following, Here we learned How to install free ssl in Apache Ubuntu using Let's Encrypt and also automate the renewal process thus saving the manual renewal headache.

Stay tuned!

Source: Digital Ocean | Let's Encrypt