Let’s Encrypt with Apache on Ubuntu

Clone the Let’s Encrypt repository
sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt

Access the letsencrypt directory
cd /opt/letsencrypt

Auto install all dependencies

sudo -i

Generate certificates for your domains

Execute the interactive installation and obtain a certificate for each domain.

./letsencrypt-auto certonly --webroot -w /var/www/faix/wordpress/ -d faix.cz -d www.faix.cz
./letsencrypt-auto certonly --webroot -w /var/www/zviretnik/wordpress/ -d zviretnik.eu -d www.zviretnik.eu
./letsencrypt-auto certonly --webroot -w /var/www/owncloud/ -d owncloud.zviretnik.eu -d cloud.zviretnik.eu
./letsencrypt-auto certonly --webroot -w /var/www/faix/wordpress/ -d faix.zviretnik.eu
./letsencrypt-auto certonly --webroot -w /var/www/sikora/Gallery/ -d sikora.zviretnik.eu
./letsencrypt-auto certonly --webroot -w /var/www/silhavy/gallery/ -d silhavy.zviretnik.eu
./letsencrypt-auto certonly --webroot -w /var/www/martinek/ -d martinek.zviretnik.eu
./letsencrypt-auto certonly --webroot -w /var/www/smrtak/gallery/ -d smrtak.zviretnik.eu

First time you will be asked to provide an email address for lost key recovery and notices:

You can find the generated certificate files at:

Certificate Auto Renewal

Edit the crontab to create a new job that will run this command every week.

crontab -e

00 2 * * 1 /opt/letsencrypt/letsencrypt-auto renew >> /var/log/le-renew.log

Apache SSL configuration


SSLCertificateFile /etc/letsencrypt/live/zviretnik.eu/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/zviretnik.eu/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/zviretnik.eu/chain.pem

SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLVerifyClient none
SSLVerifyDepth 1
SSLCompression off

Update Let’s Encrypt Client

cd /opt/letsencrypt
sudo git pull

Print Friendly, PDF & Email