Enable SSL on your web server using Let’s Encrypt and Certbot

If you have a public-facing web server you manage and want to enable SSL on it (you should want to), you can generate a self-signed certificate... or you can use Let's Encrypt as a certificate authority and generate a proper certificate.

There are Certbot downloads for various Linux and Unix platforms (including macOS).

If you're using Apache on macOS, you may have to install Homebrew first.

Then you pretty much run

sudo /usr/local/bin/certbot --apache

and answer the questions that come up.

The first time I ran it, I got this weird error:

Error while running apachectl configtest.

AH00526: Syntax error on line 9 of /etc/letsencrypt/options-ssl-apache.conf: Setting Compression mode unsupported; not implemented by the SSL library

Just editing the /etc/letsencrypt/options-ssl-apache.conf file and commenting out (putting a # in front of) line 9 fixed that.

The certificate lasts only 90 days, but you're expected to automate the renewal process every 60 days anyway.

After you've Certbot-created your certificate and verified it works, do a dry run to make sure you're able to automate a renewal:

sudo /usr/local/bin/certbot renew --dry-run

If that's good, you can run a cron job or launch daemon for

sudo /usr/local/bin/certbot renew --quiet
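
Because --quiet hides output, a renewal job that keeps failing can go unnoticed until the 90 days run out. The script below is an added example, not part of the original post: it reads the text printed by certbot's certificates subcommand and flags any certificate with fewer days left than a threshold (30 matches the renew-at-60-days schedule). The function names, the sample domains and the sample text are constructed, and the output layout it parses is an assumption modelled on what `certbot certificates` prints.

```shell
#!/bin/sh
# Added example: catch certificates that a quiet renewal job failed to renew.

# stale_certs THRESHOLD_DAYS  (hypothetical helper name)
# Reads `certbot certificates` text on stdin, prints one line per certificate
# that is below the threshold or not valid.
# Exit status: 0 if every certificate is fresh, 1 otherwise.
stale_certs() {
    awk -v min="$1" '
        /Certificate Name:/ { name = $NF }
        /Expiry Date:/ {
            if (match($0, /\(VALID: [0-9]+ day/)) {
                # Pull NN out of "(VALID: NN days)": skip the 8-character
                # prefix "(VALID: " and drop the 4-character suffix " day".
                days = substr($0, RSTART + 8, RLENGTH - 12) + 0
                if (days < min) { print name ": " days " days left"; bad = 1 }
            } else {
                # Anything else (for example "(INVALID: EXPIRED)") is shown
                # as-is so the operator sees the exact state.
                sub(/^ +/, "")
                print name ": " $0
                bad = 1
            }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample input, assumed to match the layout certbot prints.
sample_output() {
    cat <<'EOF'
Found the following certs:
  Certificate Name: www.example.com
    Domains: www.example.com
    Expiry Date: 2024-06-01 12:00:00+00:00 (VALID: 89 days)
  Certificate Name: old.example.com
    Domains: old.example.com
    Expiry Date: 2024-03-16 12:00:00+00:00 (VALID: 12 days)
  Certificate Name: dead.example.com
    Domains: dead.example.com
    Expiry Date: 2024-01-01 00:00:00+00:00 (INVALID: EXPIRED)
EOF
}
```

In the cron job or launch daemon, run the renew command first, then pipe `sudo /usr/local/bin/certbot certificates` into `stale_certs 30` and send an alert when it exits non-zero.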
