Skip to main content

Part 5 - Let's encrypt!

You finished Part 4 - Installing Wordpress and you have your website, but it's not as safe as it should be - potential hackers could intercept your data.

This is probably not a problem for a very small website just displaying some information, but it will be if you run a web store that takes credit card payments, or a site that collects other sensitive information.

Any computer in between you and the server can see your credit card numbers, usernames and passwords, and other sensitive information if it is not encrypted with an SSL certificate. When an SSL certificate is used, the information becomes unreadable to everyone except for the server you are sending the information to.

Luckily, there is a service available that will secure your site for free.

Make sure you are logged into PuTTY with your own username.

Installing Certbot

Let's install the service first:

sudo apt-get update
sudo add-apt-repository ppa:certbot/certbot

Hit Enter to continue, then

sudo apt-get install python-certbot-apache

Then type Y to continue. Now all that's left is we need to create a certificate for each of your sites:

sudo certbot --apache

Type your email when asked for one.
Type A to agree.
Choose whether you agree to share your email address with the EFF (that is entirely your choice).

You will be presented with a list of the domains and subdomains that you want to activate:

If you leave the choice blank and hit Enter, all your domains will be activated - otherwise choose which domain you want an SSL certificate for.

If all goes well, you will be presented with a choice if you want to enforce encryption. This is usually the most prudent choice, so let's select 2.

Your certificate(s) should be created now.

Renewing certificate

Your "" certificate is set to self destruct after three months, all we need to do now is create a cron job to auto renew it when the time comes. First, go into root mode:

sudo -s
Then create a cron job:

crontab -e

Scroll to the bottom of the file and add:

0 2 * * Wed /usr/bin/letsencrypt renew >> /var/log/letsencrypt-renew.log

This will check every Wednesday at 2AM whether your certificate is up for renewal, and will do so when possible. Finally, type


Congratulations, you are now on a fully secure server!