How to use a free Let's Encrypt SSL certificate for all subdomains?

Let's Encrypt is an organisation that issues free SSL certificates for web applications. An SSL certificate protects data in motion between client and server, in both directions. For any website, the first thing we should do is configure an SSL certificate. Generating and renewing a Let's Encrypt SSL certificate is pretty simple and can be done with very few commands. Consider an instance running at any cloud provider with Apache as the web server; the configuration procedure is as follows.

Note: Let's Encrypt needs a domain name to generate certificates. For internal applications and IP addresses we can use self-signed certificates.

OS: ubuntu:18.04

Install Apache:

sudo apt-get install apache2

We use certbot-auto as a tool to install and renew certificates automatically.

Clone from GitHub and run certbot:

git clone
cd certbot

Installing certificates:

./certbot-auto certonly -d

The above command generates a certificate only for the subdomain given with -d. Certificates are stored in the /etc/letsencrypt/live/ directory.

To use the above certificate with Apache, the virtual host configuration looks like this:

# Listen on port 80 and redirect to port 443
<VirtualHost *:80>
  RewriteEngine On
  RewriteRule ^/?(.*) https://%{SERVER_NAME}:443/$1 [R,L]
  RewriteCond %{SERVER_NAME} =
  RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

# Listen on port 443 over SSL
<VirtualHost *:443>
  DocumentRoot /var/www/example
  <Directory "/var/www/example/">
    Require all granted
    AllowOverride All
  </Directory>
  ProxyRequests off

  # Certificate issued by Let's Encrypt (public)
  SSLCertificateFile /etc/letsencrypt/live/
  # Private key belonging to the certificate
  SSLCertificateKeyFile /etc/letsencrypt/live/
  Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>

Restarting the Apache server results in the website being served over HTTPS using the Let's Encrypt SSL certificate.

General errors while installing:

  • Let's Encrypt server unable to access our cloud instance - Check the firewall settings
  • Let's Encrypt server unable to access our cloud instance - Check the DNS settings (ping should hit the original server)
  • Error (cannot generate cert) - We can generate only 5 certificates a week for a single domain

A Let's Encrypt certificate is only valid for three months. To renew it automatically we should add the certbot command to the crontab as follows:

0 1 * * * certbot-auto renew --quiet --post-hook "service apache2 restart"

Every day at 1 am this checks our certificate's expiry date and renews it automatically.
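
Because the cron job above runs unattended, a separate check of the certificate's remaining lifetime shows when renewal has stopped working. The script below is an added example, not part of the original post; the function names, the 30-day warning threshold and the sample timestamp in its comments are assumptions, and it relies on GNU date and the openssl command.

```bash
#!/usr/bin/env bash
# Added example: report how long a certificate is still valid.
# Function names and the 30-day default threshold are assumptions.

# cert_status NOT_AFTER NOW_EPOCH WARN_DAYS
# NOT_AFTER is an openssl-style timestamp, e.g. "Sep  1 00:00:00 2020 GMT"
# (constructed sample). Prints "OK <days>", "RENEW_DUE <days>" or "EXPIRED".
cert_status() {
  local end_epoch secs
  end_epoch=$(date -u -d "$1" +%s 2>/dev/null) || { echo "BAD_DATE"; return 2; }
  secs=$(( end_epoch - $2 ))
  if [ "$secs" -le 0 ]; then
    echo "EXPIRED"
  elif [ "$secs" -lt $(( $3 * 86400 )) ]; then
    echo "RENEW_DUE $(( secs / 86400 ))"
  else
    echo "OK $(( secs / 86400 ))"
  fi
}

# check_cert_file PEM_FILE [WARN_DAYS]
# Reads the notAfter field with openssl and classifies it against the clock.
check_cert_file() {
  local not_after
  not_after=$(openssl x509 -noout -enddate -in "$1" 2>/dev/null) \
    || { echo "UNREADABLE"; return 2; }
  cert_status "${not_after#notAfter=}" "$(date +%s)" "${2:-30}"
}

# Run as: ./cert-expiry.sh <certificate.pem> [warn_days]
if [ "$#" -gt 0 ]; then
  check_cert_file "$@"
fi
```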

Last update: June 3, 2020