Let’s Encrypt is a free, automated, and open certificate authority brought to you by the nonprofit Internet Security Research Group (ISRG). Certbot, also developed by ISRG, is a free, open source tool for generating and installing Let’s Encrypt SSL certificates.
If you have a cPanel hosting account with NetShop ISP, you can install Let’s Encrypt in a single click. Customers using Linux servers without a control panel will need to install Certbot to get a free SSL certificate installed on their server.
In this article we will demonstrate how to install Certbot on a Debian 11 Linux server and use it to generate a standard or wildcard Let’s Encrypt SSL certificate.
Before moving on to the commands that install Certbot, take a look at the prerequisites.
Pre-requisites
- Debian 11 installed on Server (can be virtual or dedicated – doesn’t matter)
- SSH with sudo or root access
- Comfort with Linux commands
- Ports 80 and 443 allowed on firewall/iptables
Step-by-step instructions to install Certbot on Debian 11
Step 1. Install snapd
doe@localhost:~$ sudo apt update
doe@localhost:~$ sudo apt install snapd
Once snapd is installed, exit the SSH terminal and log in again to ensure snap’s paths are updated properly.
Step 2. Update snapd
Once you are back on the terminal, install the core snap to ensure the latest version of snapd is installed. Execute the following command:
doe@localhost:~$ sudo snap install core
Step 3. Remove previous Certbot packages
Before installing Certbot snap, you need to ensure any previous installations of Certbot packages are completely removed from the server. You can do so by executing this command:
doe@localhost:~$ sudo apt-get remove certbot
Step 4. Install Certbot
The following command will install Certbot on your Debian server:
doe@localhost:~$ sudo snap install --classic certbot
Once certbot is installed, execute the following command to ensure the ‘certbot’ command can be run:
doe@localhost:~$ sudo ln -s /snap/bin/certbot /usr/bin/certbot
Step 5. Generate Wildcard SSL Certificate with Let’s Encrypt
Using the Certbot installation from Step 4, we are going to create our first wildcard certificate. For the sake of this example we will use the domain *.freessl.xyz. The name is quoted in the command so that the shell passes the * to Certbot literally instead of trying to expand it.
doe@localhost:~$ sudo certbot certonly --manual --preferred-challenges=dns --email webmaster@freessl.xyz --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d '*.freessl.xyz'
Note: Since we are generating a wildcard SSL certificate, make sure you add the domain with *. at the beginning.
DO NOT hit Enter when prompted until you have completed Step 6 as described below.
Step 6. Verify Domain Ownership via DNS
After executing the command in Step 5, Certbot will generate a TXT record which you will need to add to your DNS. This verifies that you control the domain.
Step 7. Retrieve your new Let’s Encrypt Certificate
Once you have confirmed the new TXT record has propagated, go back to the SSH console and hit Enter. Certbot will generate the SSL certificate and the required Key.
The Certificate and Key files (.pem) will be stored under /etc/letsencrypt/live/<your_domain>/.
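One way to confirm the TXT record from Step 6 has propagated before pressing Enter in Step 7 (an added example, not part of the original article or of Certbot): the script asks each authoritative nameserver directly, so a cached resolver answer cannot hide a nameserver that is still out of date. It assumes dig is installed (Debian package dnsutils) and that the certificate's domain is the apex of its DNS zone; the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: check the ACME DNS-01 TXT record on every authoritative NS.
# Usage: ./check-acme-txt.sh '*.freessl.xyz' '<TXT value shown by Certbot>'

# Map a certificate name to its DNS-01 record name:
#   *.freessl.xyz -> _acme-challenge.freessl.xyz
challenge_name() {
    local domain
    domain=${1#'*.'}      # strip a leading "*." (wildcard label)
    domain=${domain%.}    # strip a trailing root dot
    printf '_acme-challenge.%s\n' "$domain"
}

# Read `dig +short TXT` output on stdin (one quoted string per line) and
# succeed only if some record equals the expected value exactly.
txt_matches() {
    local expected="$1" line
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line#\"}
        line=${line%\"}
        if [ "$line" = "$expected" ]; then return 0; fi
    done
    return 1
}

# Return 0 only when every authoritative nameserver serves the value,
# 1 when at least one does not, 2 when no nameservers were found.
check_propagation() {
    local record zone servers ns missing=0
    record=$(challenge_name "$1")
    zone=${record#_acme-challenge.}   # assumption: domain is the zone apex
    servers=$(dig +short NS "$zone")
    if [ -z "$servers" ]; then
        echo "no NS records found for $zone" >&2
        return 2
    fi
    for ns in $servers; do
        if dig +short TXT "$record" "@$ns" | txt_matches "$2"; then
            echo "OK       $ns"
        else
            echo "MISSING  $ns"
            missing=1
        fi
    done
    return "$missing"
}

# Run only when called with both arguments, so the file can also be sourced.
if [ "$#" -eq 2 ]; then check_propagation "$1" "$2"; fi
```

Press Enter in Certbot only after every nameserver reports OK; a MISSING line means the validation lookup could still reach a server without the record.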
Congratulations! You have successfully generated a wildcard Let’s Encrypt SSL certificate through Certbot.