CertBot Certificate

Install

Certbot is packaged for Debian, so all you need to do is install the package below with apt-get.

First, if you have not already done so, enable the jessie-backports repository as described in Debian's backports instructions.

For jessie add this line

deb http://ftp.debian.org/debian jessie-backports main

to your sources.list (or add a new file with the “.list” extension to /etc/apt/sources.list.d/)

Then do:

$ sudo apt-get install python-certbot-apache -t jessie-backports

Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ certbot --apache

Running this command will get a certificate for you and have Certbot edit your Apache configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ certbot --apache certonly
Note

With certonly, the Apache plugin does the following:

  • makes temporary config changes (adding a new vhost to answer the ACME challenge, and enabling mod_ssl if necessary)
  • performs a graceful reload
  • reverts all changes
  • performs another graceful reload

This appears to be a reliable process, but if you don't want Certbot to touch your Apache process or files in any way, you can use the webroot plugin. To learn more about how to use Certbot read our documentation.

We can now run Certbot to get our certificate. The --standalone option tells Certbot to answer the challenge with its own built-in web server, so whatever normally listens on the chosen port (Apache, for instance) must be stopped while Certbot runs; otherwise Certbot cannot bind the port and the challenge fails. The --preferred-challenges option selects the challenge type, and with it the port: --preferred-challenges http uses port 80, and --preferred-challenges tls-sni used port 443 (Let's Encrypt has since retired the TLS-SNI-01 challenge, so use http today). Finally, the -d flag specifies the domain you are requesting a certificate for; repeat -d to cover several domains in one certificate.

sudo certbot certonly --standalone --preferred-challenges http -d example.com

In our case:

sudo certbot certonly --standalone -d example.com

Automating renewal

The Certbot package on your system comes with a cron job that renews your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it is highly advisable to rely on this rather than renewing by hand. You can test automatic renewal by running this command (--dry-run talks to the Let's Encrypt staging environment, so it does not consume your rate limits or replace your live certificates):

certbot renew --dry-run
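A dry run only proves that renewal can work; it does not tell you later whether the cron job actually did its job. The script below is an added example (not part of the original page and not Certbot's own code) that reads the expiry date of a certificate on disk with openssl and applies Certbot's default rule of renewing once fewer than 30 days remain. The default path /etc/letsencrypt/live/example.com/cert.pem, the sample notAfter line and the fixed "now" values are assumptions constructed for illustration.

```python
"""Check whether a Let's Encrypt certificate is due for renewal.

Added example, not Certbot's own code. It parses the 'notAfter=' line printed by
`openssl x509 -noout -enddate` and flags the certificate when fewer than
RENEW_BEFORE_DAYS remain, mirroring Certbot's default renew_before_expiry.
"""
import subprocess
import sys
from datetime import datetime

RENEW_BEFORE_DAYS = 30  # Certbot's default renew_before_expiry

# Constructed sample input: what openssl prints for a cert expiring 1 June 2017.
SAMPLE_ENDDATE = "notAfter=Jun  1 12:00:00 2017 GMT"
# Constructed "now" values: a freshly issued cert (90 days left) and one inside
# the renewal window (22 days left).
SAMPLE_NOW_FRESH = datetime(2017, 3, 3, 12, 0, 0)
SAMPLE_NOW_DUE = datetime(2017, 5, 10, 12, 0, 0)


def parse_not_after(enddate_line):
    """Turn 'notAfter=Mar 12 12:00:00 2024 GMT' into a naive UTC datetime.

    openssl pads single-digit days with two spaces ('Jun  1'), so the value is
    whitespace-normalised before parsing. Anything else is rejected rather than
    silently treated as 'not expiring'.
    """
    line = enddate_line.strip()
    if not line.startswith("notAfter="):
        raise ValueError("unexpected openssl output: %r" % line)
    value = " ".join(line[len("notAfter="):].split())
    if not value.endswith(" GMT"):
        raise ValueError("expected a GMT timestamp: %r" % value)
    return datetime.strptime(value[:-len(" GMT")], "%b %d %H:%M:%S %Y")


def days_remaining(not_after, now=None):
    """Fractional days between now (UTC) and the certificate's notAfter."""
    if now is None:
        now = datetime.utcnow()
    return (not_after - now).total_seconds() / 86400.0


def renewal_status(enddate_line, now=None, threshold_days=RENEW_BEFORE_DAYS):
    """Return (days_left, due): due is True when Certbot would renew."""
    days_left = days_remaining(parse_not_after(enddate_line), now)
    return days_left, days_left < threshold_days


def cert_enddate(cert_path):
    """Ask openssl for the notAfter line of a PEM certificate on disk."""
    out = subprocess.check_output(
        ["openssl", "x509", "-in", cert_path, "-noout", "-enddate"])
    return out.decode("ascii")


if __name__ == "__main__":
    # Assumed default path; pass another cert.pem as the first argument.
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/letsencrypt/live/example.com/cert.pem"
    days_left, due = renewal_status(cert_enddate(path))
    print("%s: %.1f days left, %s" % (path, days_left, "RENEW" if due else "ok"))
    # Non-zero exit lets a monitoring cron job alert when renewal has not happened.
    sys.exit(1 if due else 0)
```

Run it from a second cron entry (or your monitoring system) a few days after the Certbot job: if it keeps reporting RENEW, the automatic renewal is failing and needs attention before the certificate actually expires.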