Install Let’s Encrypt SSL on Raspberry Pi

I love Let’s Encrypt. It’s free SSL, it’s safer because of the auto-renewal and it’s so easy to setup. No more emailing around validating company name and whatnot.

The installation on server level has also got a lot easier in the past years. The following will work for both Raspbian and Ubuntu.
For other systems check the official site, just select the correct OS and webserver.

Let’s Encrypt will work through a program called Certbot. We will install Certbot and that will get the free SSL certificates from Let’s Encrypt.

To install run these 2 commands, these might take a while:

sudo snap install core; sudo snap refresh core
sudo snap install --classic certbot

Once this is done we can start getting the SSL-certificates. Run:

sudo certbot --nginx

Since it’s the first time running it will ask for email and some other stuff.

The first setup of Certbot
The first setup of certbot

For the next step you can select specific domains, or all.

The first setup of Certbot
The first setup of certbot

It should create and set all certificates correctly. If in the future you add a new domain just rerun the command sudo certbot --nginx and select the new domains.

Auto renewal

Let’s Encrypt certificates are valid for 90 days, this is for security reasons. This does mean they need to get renewed periodically.
By default Certbot should have installed auto renewal. But we are going to check it with the command: systemctl list-timers --all

Out put of command systemctl list-timers --all
Checking Timers for certbot auto renewal

There should be some output about snap.certbot.renew.timer. It not we are going to setup the renewal ourself.

The command to renew the certificates is sudo certbot renew
You can also run this command by itself to test it out.

As it is run by root we will also add it to the crontab of the root user.

sudo crontab -e

Inside we add the following command.

0 0 * * 1 certbot renew

Here we set it to run every Monday at 0:00 (so Sunday to Monday night)
That’s more then enough, you can run it more if you want, I would not run it less.

Test your SSL connection.

Finally go to ssllabs.com and test your site. Behind the scenes Certbot also adds a bunch of security settings which will help get that A+.

SSLlabs results for janw.me
The results for janw.me on ssllabs.com

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.