Certbot

Install Certbot

Run this command on the command line on the machine to install Certbot.

sudo apt-get install certbot python-certbot-apache -t stretch-backports

Choose how you’d like to run Certbot

Run this command to get a certificate and have Certbot edit your Apache configuration automatically to serve it, turning on HTTPS access in a single step.

sudo certbot --apache

sudo certbot --apache -d your_domain -d www.your_domain

If you’re feeling more conservative and would like to make the changes to your Apache configuration by hand, run this command.

sudo certbot certonly --apache

Test automatic renewal

The Certbot packages on your system come with a cron job or systemd timer that will renew your certificates automatically before they expire. You will not need to run Certbot again, unless you change your configuration. You can test automatic renewal for your certificates by running this command:

sudo certbot renew --dry-run

The command to renew certbot is installed in one of the following locations:

/etc/crontab/
/etc/cron.*/*
systemctl list-timers

Allow HTTPS Protocol On Firewall

If UFW firewall is enabled, as is always recommended for security reasons, you need to allow HTTPS traffic through it, otherwise, we will not be able to access our site on a web browser

Since HTTPS runs on port 443, open the port by running.

sudo ufw allow 443/tcp

reload the firewall to effect the changes.

sudo ufw reload

verify if the changes have taken effect, run the command below to check the firewall status.

sudo ufw status