Guide to install Let's Encrypt on VPS Ubuntu (18.04)?


#1

Hello,
Is there any guide to getting HTTPS by installing a Let’s Encrypt cert on a VPS (Ubuntu 18.04)?
I don’t find any doc on this site. Maybe I’ve been searching in the wrong place.
Thanks.
KAB


#2

What web server are you using? (apache? Nginx? or others?)

If you want to obtain the certificate using certbot, check out certbot.eff.org

Thank you


#3

Hello Stevenzhu,
You’re right; I forgot to mention the most important thing: we use a Tomcat server (Apache Tomcat 7.0).


#4

Hi,

That’s important…

Per my knowledge, if you are trying to obtain a certificate with http based validation, you need to stop tomcat before running certbot / acme.sh, run the program and start tomcat again.
This would create downtime every time you renew the certificate (if renewed via http-01)…

Since you didn’t mention your domain name, I’m not sure if your domain’s NS provider is supported with DNS API validation (and automation)… But in this case, DNS validation probably would be better, since you only need to reload the server after renewal (and don’t need to stop / start the server when requesting / renewing the certificate).

Thank you


#5

Thanks a lot Stevenzhu for this information.
The downtime is not really a problem as we are in a niche market with only a few users (they won’t see the nightly downtime).
Our provider (for DNS and VPS) is ovh.com
Do you think that if we run the commands here: https://certbot.eff.org/lets-encrypt/ubuntubionic-apache, it will be OK on our Tomcat?


#6

Hi,

I think you’ll be able to install the certbot client, but probably certbot would not be able to configure the web server to serve the challenge tokens.

However, here’s some good news.
Your DNS provider has API access! (which means you could get certificates using DNS validation, and that does not cause any downtime).

Here’s how:

  1. Install certbot as normal
    $ sudo apt-get update
    $ sudo apt-get install software-properties-common
    $ sudo add-apt-repository ppa:certbot/certbot
    $ sudo apt-get update
    $ sudo apt-get install certbot

  2. Instead of installing certbot for Apache, install the certbot plugin for OVH:
    Instructions and source repo: https://github.com/mcdado/certbot-dns-ovh

  3. Read the following document for instructions on how to use OVH API to obtain certificates.
    https://certbot-dns-ovh.readthedocs.io/en/stable/

  4. Configure the certificate in your Tomcat. (Remember to point the certificate, key and chain directly at the generated files, so that when certbot updates your certificate, you can just reload the server.)

That should be it. Good luck on this!

Thank you
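
Added example, not part of any post in this thread: a sketch of steps 3 and 4 above as shell functions, showing the OVH API credentials file kept owner-only and Tomcat restarted from a certbot deploy hook. It assumes the official certbot-dns-ovh plugin is installed; the OVH_* variable names, file paths, example.com and the tomcat7 service name are placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the official certbot-dns-ovh
# plugin is installed. OVH_APP_KEY, OVH_APP_SECRET, OVH_CONSUMER_KEY, the
# file paths, example.com and the tomcat7 service name are placeholders.

# Write the plugin's credentials file so that only its owner can read it.
write_ovh_credentials() {
    cred_file=$1
    [ -n "$OVH_APP_KEY" ] && [ -n "$OVH_APP_SECRET" ] &&
        [ -n "$OVH_CONSUMER_KEY" ] || return 1
    (
        umask 077   # a newly created file is never group/world readable
        cat > "$cred_file" <<EOF
dns_ovh_endpoint = ovh-eu
dns_ovh_application_key = $OVH_APP_KEY
dns_ovh_application_secret = $OVH_APP_SECRET
dns_ovh_consumer_key = $OVH_CONSUMER_KEY
EOF
    ) || return 1
    chmod 600 "$cred_file"   # also tightens a file that already existed
}

# Succeed only if group and other have no permission bits on the file.
credentials_are_private() {
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Request a certificate over DNS-01; Tomcat keeps running during validation
# and is restarted by the deploy hook only after a successful issuance.
issue_cert() {
    domain=$1
    cred_file=$2
    if ! credentials_are_private "$cred_file"; then
        echo "refusing to use $cred_file: readable by group or other" >&2
        return 1
    fi
    certbot certonly --dns-ovh --dns-ovh-credentials "$cred_file" \
        --deploy-hook "service tomcat7 restart" -d "$domain"
}

# Usage (as root):
#   write_ovh_credentials /root/.secrets/ovh.ini
#   issue_cert example.com /root/.secrets/ovh.ini
```

The API keys in that file can edit DNS records for the domain, which is why the permission check runs before certbot is called.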


#7

Thanks a lot! It’s very useful (I’ve been searching for weeks on the process). I’ll test in the next few days. Cheers!


#8

The certbot-dns-ovh manual auth hook on GitHub is completely separate from the official certbot-dns-ovh plugin (which the Read the Docs link is about).

The official certbot-dns-ovh plugin isn’t currently available in the PPA, and is only packaged in Ubuntu starting in 19.04. :slightly_frowning_face:


#9

My bad…

Would you mind helping me fix that in my response? I can’t edit it anymore…