Install & Configure Certbot on Debian 9

Written by
Kyler Boudreau
on September 6, 2018

If you want to enable https on your site, you’ll need an SSL certificate from a certificate authority (CA). Remember the old days, when you had to pay an arm and a leg to get an SSL certificate for your site? Those days are over!

Let’s Encrypt (https://letsencrypt.org) is an open source CA that you can use to install SSL certificates for your websites (It’s a beautiful thing). This guide shows you how to install and configure Certbot with both Debian 9 and Ubuntu 16.04 LTS and nginx. Btw, you’ll need shell (SSH) access. If you use a cPanel to control your web sites, your host will have to provide this setup for you.

Debian 9

At this time, the Debian 9 client must be installed from the Stretch backports. Edit your /etc/apt/sources.list file and add the following:

deb http://ftp.debian.org/debian stretch-backports main

Install the Certbot Client

From a server command line, type in the following command:

$ sudo apt-get update

Once you’ve downloaded the latest updates, type the following to install the Certbot client:

$ sudo apt-get install python-certbot-nginx -t stretch-backports

Ubuntu 16.04 LTS

When installing and configuring Certbot on Ubuntu, there is a nginx client that automates some of the process, which is really nice!

Add the Certbot Nginx Client

Enter the following at your command line. You’ll notice the second command adds a specific certbot PPA to your repository list:

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-nginx

Obtain the Certificates (Debian & Ubuntu)

Enter the following command:

$ sudo certbot –nginx (use two dashes)

You’ll see all of the websites listed with numbers. BE CAREFUL here. Do not hit enter and pull certs for all the sites. Enter in the site numbers separated by commas:

127: www.test.com
128: outergain.com
129: www.outergain.com

——————————————————————————-
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ‘c’ to cancel): 128,129

4) It will prompt about forcing secure – do this:

Please choose whether HTTPS access is required or optional.
——————————————————————————-
1: Easy – Allow both HTTP and HTTPS access to these sites
2: Secure – Make all requests redirect to secure HTTPS access
——————————————————————————-
Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 2

Your site should be ready! The nginx client plugin will automatically add the required information to your nginx server block. If for any reason this doesn’t happen, see the Debian 9 steps above for the required information.

*Note: As of January 2018 the Cerbot nginx client has an issue on certain platforms. They are fixing, but for now you’ll need to use the following command:

certbot –authenticator webroot –installer nginx (double dashes)

Renewing Certificates

Let’s Encrypt certificates are good for 90 days. To renew any certificates about to expire, the command is:

certbot renew

However, you’ll need to renew them via a cron job. The command to run from cron is:

/usr/bin/certbot -auto renew –quiet

Make sure /usr/bin/certbot is the correct path. You can test this by trying the line straight from the server command line. Now, to add this to your cron jobs, type in:

crontab -e

Add the following line to your configuration:

0 1 * * * root /usr/bin/certbot -auto renew –quiet

The above will check for renewals every day (once a day is recommended). If you’d like assistance on understanding the cron format, visit this site: https://crontab.guru

And that’s it! Now you can add SSL capabilities to your sites, and let cron handle the certificate renewals. Congrats on installing and configuring Certbot on your Ubuntu 16.04 LTS or Debian 9 server!

Kyler Boudreau
Written By
Kyler Boudreau

Kyler is the co-founder of Outer Gain, and the founder of Theater Eleven Pictures and Follow Hook: The Network Marketer’s CRM. He lives with his wife and daughter on the island of Kauai.

Would you like us to send you the latest?
[contact-form-7 404 "Not Found"]

3 thoughts on “Install & Configure Certbot on Debian 9

  1. Under apache + debian strech

    python-certbot-apache : Depends: certbot (>= 0.19.0~) but it is not going to be installed
    Depends: python-acme but it is not going to be installed
    Depends: python-certbot but it is not going to be installed
    E: Unable to correct problems, you have held broken packages.

Leave a Reply

Your email address will not be published. Required fields are marked *

Upload your logo here. If you don't have a logo, you can create a simple one for free at the following site: https://logomakr.com/. We have a video in OGU that talks about creating a logo. It's a short video, so if you're new to logos, we recommend you check it out. Have fun!

This allows you to place an image or solid color underneath your home page logo and menu. See an example of this type of layout at followhook.com.

If you would like to change the background color of your site, you can do that here! If you want to set it back to the default color, the color code is #FFFFFF.

Optional: only change this if you don't like the default. You can enter any manual pixel setting in here (ie 1200px) or you can enter 100% for a full width top.

This will add space on the left side. Normally you don't need space on the left, but in case you do, this is the place! The setting is in pixels. The default is '0.'

This adds space on the top, above your logo. The default is 15.

This will add space on the right side. Normally you don't need space on the right, but in case you do, this is the place! The setting is in pixels. The default is '0.'

This adds space on the bottom, below your logo. The default is 15.

This defines how wide your logo is. This setting is in pixels.

px

When using the wide navigation, you can opt to have your logo centered or left aligned. *Note: if using a top search field, you can only left-align.

This defines how wide your logo is on a tablet in wide view (varies by device).

%

This defines how wide your logo is on a tablet in normal view (varies by device).

%

This defines how wide your logo is on a normal sized mobile phone in normal view (varies by device). The setting is a percentage.

%

This defines how wide your logo is on a large mobile phone in normal view (varies by device). The setting is a percentage.

%

This will position the top of your site at the top at all times, even with scrolling. *Note: This only works with the small menu setting.

Choose a color for the border.

This setting is in pixels. We recommend 1.

When you visit a website, your browser tab shows a tiny icon for the site. If you're not sure on this, go visit http://outergain.com and you'll see ours. You can upload an image for your site's favicon here. *Note: you must use a square image and the image type must be a PNG. If you use a JPG or GIF it may not work. Please visit http://support.outergain.com if you have questions.

This will place a search form on the top right of your site for computer screens only. *Note: You will need to adjust the 'Navigation Top Margin' of your menu under 'Site Menu' or the search field will appear directly behind the navigation.

Change to zero for no border.

Choose the background color for the footer form field. The default is #FFFFFF.

Choose the background color for the footer form button. The default is #AAAAAA.

Choose the background color for the footer form button with mouseover.

Choose the font color for the footer form button. The default is #444444.

This is the size of the font on the button. The setting is in pixels.

This sets the spacing in pixels above the search form.

px

This sets the spacing in pixels to the right of the search form.

px





Do NOT follow this link or you will be banned from the site!