6/14/2017 - 4:51 PM

SSL Certificate from Let's Encrypt (

SSL Certificate from Let's Encrypt (

#Install# On Ubuntu systems, the Certbot team maintains a PPA. Once you add it to your list of repositories all you'll need to do is apt-get the following packages.

$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-apache

#Get Started# Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ certbot --apache

Running this command will get a certificate for you and have Certbot edit your Apache configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ certbot --apache certonly

To learn more about how to use Certbot read our documentation.

#Automating renewal# The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run

#Fix for OpenSSL Padding Oracle vulnerability (CVE-2016-2107)#

Thanks for the write up and all of the comments. My particular setup is Ubuntu/Nginx. Based on these comments, I did this to get my grade back to A+:

sudo apt-get install --only-upgrade libssl1.0.0 openssl
service nginx upgrade

#Enable Headers Module#

a2enmod headers

#Test SSL# SSL Labs