Adding Let’s Encrypt to Debian Web Servers

Let’s Encrypt is an automated certificate authority providing free of charge, domain-validated TLS certificates that are obtained using the ACME protocol.

Debian 8 (Jessie) Howto

Debian 9 (Stretch) Howto

You can install certbot from the main repository. You can also install some useful plugins to make the getting certificates for nginx or apache easier.

user@computeruser@computer$ sudo apt install certbot
user@computeruser@computer$ sudo apt install python-certbot-apache

or

user@computeruser@computer$ sudo apt install python-certbot-nginx

The default version of certbot that is available in the repository will result in the following error message if you try to run certbot –apache:

Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.

As discussed in the LetsEncrypt Forums this is due to a security issue that existed in the old client.

In order to make a certificate for apache you can use the following command:

sudo certbot –authenticator standalone –installer apache \
  -d  –pre-hook “service apache2 stop” –post-hook “service apache2 start”

In order to make a certificate for nginx you can use the following command:

sudo certbot –authenticator standalone –installer nginx \
-d <domain> –pre-hook “service nginx stop” –post-hook “service nginx start”