Installing SSL certificates isn’t difficult, but it’s a process every Linux administrator will have to take on at some point in their career. One of the more popular methods of getting and installing SSL certificates on Linux is by way of Let’s Encrypt, which is a certificate authority that offers free, automated SSL and TLS certificates. And Let’s Encrypt isn’t at all challenging to use.

SEE: Security incident response policy (TechRepublic Premium)

But there’s an even easier way, one that doesn’t have any dependencies or requirements. The script is written in Shell and supports more DNS providers than other similar clients. This means you can get your SSL/TLS certificates faster and easier.

I’m going to show you how to get and use on Linux, so you can start working with SSL without any hassle.

What you’ll need

To get working with, you’ll need a running instance of Linux (the distribution doesn’t matter, as should work on just about every flavor of Linux available). This will preferably be the server you want to install the SSL certificates onto (otherwise you’d wind up having to move them).

That’s it. Let’s get this up and running.

How to get

There are several ways to get the script installed on your Linux machine. I’ll show you how to do so using either curl or wget. The curl command is:

curl | sh

The wget command is:

wget -O - | sh

After you run either command, you need to source your .bashrc with:

source ~/.bashrc

To verify the installation, issue the command: --version

You should see the version of the installed script printed out. Finally, enable auto-upgrade of the script with the command: --upgrade --auto-upgrade

How to issue an SSL certificate with

And now we’ll issue an SSL certificate on a web server for a single domain. We’ll use the domain to illustrate. The command for this is: --issue -d --webroot /var/www/

Obviously, you’ll change to the domain of your server as well as change /var/www/ to the document root. If you have multiple domains associated with that server (such as for mail, FTP and www), you could issue the command: --issue -d -d -d -d --webroot /var/www/ --keylength LENGTH

Where LENGTH is one of the following values for keylength:

  • 2048 (default)
  • 3072
  • 4096
  • 8192
  • ec-256
  • ec-384

You could also issue an SSL certificate in standalone mode (if you don’t have a webserver) with the command: --issue -d --standalone

Again, replace with your domain.

How to copy the certificates to the proper location in local storage

With those certificates issued, you’ll then need to install them in the proper location for your web server. Let’s say you’re using Apache as the webserver and the location for your certificates is /etc/ssl/certs. For this, you’d issue the command: --install-cert --domain --cert-file /etc/ssl/certs/cert.pem --key-file /etc/ssl/certs/keyfile/key.pem --fullchain-file /etc/ssl/certs/fullchain/fullchain.pem --reloadcmd "sudo systemctl reload apache2.service"

Make sure to change out for your domain.

How to renew your certificate

As you know, SSL certificates expire. To renew those certificates with, you’d issue the command: --renew -d --force

Make sure to change out for your domain.

And that’s all there is to issuing and installing SSL certificates with on Linux. You’ll probably find this tool a bit easier to use than Let’s Encrypt, plus it’s a bit more universal, so it can be installed on nearly any Linux distribution.

Subscribe to TechRepublic’s How To Make Tech Work on YouTube for all the latest tech advice for business pros from Jack Wallen.

Image: Getty Images/iStockphoto