Setup SSL Certificate for Website on Google Cloud Platform

This guide provides step by step instructions that will help you to install the auto-renewing Let’s Encrypt SSL Certificate using automated client Certbot for your site hosted on GCP.

Make sure that you have:
∘ A running VM instance with the Apache server on Ubuntu 20.04 installed.
∘ Your domain name set up with your Google Cloud instance.
∘ A website that works over an HTTP connection. (URL of the website begins with “http://”. If you change it to “https://” it will not load the page).

Log into your Google Cloud Console and select
Compute Engine > VM Instances
On your VM instance click SSH to open the terminal.

First, the Certbot needs snapd installed. But If you’re running Ubuntu 16.04 or later, you don’t need to do anything. Snap is already installed and ready to go.
You can check it is installed by attempting to run snap version on the command line:

snap version

Ensure that the latest essential release of a snap is installed and tracked for updates.

sudo snap install core; sudo snap refresh core

Now, install Certbot, executing the command

sudo snap install --classic certbot

Then create the symbolic link to the Certbot directory

sudo ln -s /snap/bin/certbot /usr/bin/certbot

Next, launch the Certbot to generate an SSL Certificate for your website

sudo certbot --apache

Provide an email address (optional), that Let’s Encrypt automatically send you expiry notices when your certificate is coming up for renewal. If the certificate is already renewed, they won’t send an expiry notice.

Providing your email can be useful in case you get any issue with your running certificate in the future.

Agree with the Terms of Service by entering Y.

Enter Y if you are willing to share your email in order to get news from Let’s Encrypt project. Otherwise, enter N.

Type your domain with both naked domain name and www sub. If you have a subdomain enter it also.

Let Certbot edit your Apache configuration automatically.

Choose a vhost with enabled HTTPS typing its number

All done!
Now you have enabled the SSL certificate provided by Let’s Encrypt with automatic renewal by cron job systemd timer.

By default, the crontab attempts to renew the certificate twice a day, but renewal will only occur if expiration is within 30 days.
You may change the periodicity in the tasks file running by Cron, a time-based scheduling service.

sudo nano /etc/cron.d/certbot 

This part of the code specifies command execution (the other part of the code)for every other 12 hours every day.

For example, the code * 4 1.15 * * will run on every first and 15th day every month at 4:00 am. More about scheduling tasks in a crontab file see the documentation here.

Simulate automatic renewal

sudo certbot renew --dry-run

The simulation allows you to get things right before real renewal certificates and reduce the chance of your running up against rate limits.

Verify that Certbot works by typing in your browser’s address bar “https://” at the beginning of the website’s address.