Setup SSL Certificate for Website on Google Cloud Platform
This guide provides step by step instructions that will help you to install the auto-renewing Let’s Encrypt SSL Certificate using automated client Certbot for your site hosted on GCP.
Make sure that you have:
∘ A running VM instance with the Apache server on Ubuntu 20.04 installed.
∘ Your domain name set up with your Google Cloud instance.
∘ A website that works over an HTTP connection. (URL of the website begins with “http://”. If you change it to “https://” it will not load the page).
Log into your Google Cloud Console and select
Compute Engine > VM Instances
On your VM instance click SSH to open the terminal.
First, the Certbot needs snapd installed. But If you’re running Ubuntu 16.04 or later, you don’t need to do anything. Snap is already installed and ready to go.
You can check it is installed by attempting to run snap version
on the command line:
snap version
Ensure that the latest essential release of a snap is installed and tracked for updates.
sudo snap install core; sudo snap refresh core
Now, install Certbot, executing the command
sudo snap install --classic certbot
Then create the symbolic link to the Certbot directory
sudo ln -s /snap/bin/certbot /usr/bin/certbot
Next, launch the Certbot to generate an SSL Certificate for your website
sudo certbot --apache
Provide an email address (optional), that Let’s Encrypt automatically send you expiry notices when your certificate is coming up for renewal. If the certificate is already renewed, they won’t send an expiry notice.
Agree with the Terms of Service by entering Y.
Enter Y if you are willing to share your email in order to get news from Let’s Encrypt project. Otherwise, enter N.
Type your domain with both naked domain name and www sub. If you have a subdomain enter it also.
Let Certbot edit your Apache configuration automatically.
Choose a vhost with enabled HTTPS typing its number
All done!
Now you have enabled the SSL certificate provided by Let’s Encrypt with automatic renewal by cron job systemd timer.
By default, the crontab attempts to renew the certificate twice a day, but renewal will only occur if expiration is within 30 days.
You may change the periodicity in the tasks file running by Cron, a time-based scheduling service.
sudo nano /etc/cron.d/certbot
For example, the code * 4 1.15 * *
will run on every first and 15th day every month at 4:00 am. More about scheduling tasks in a crontab file see the documentation here.
Simulate automatic renewal
sudo certbot renew --dry-run
Verify that Certbot works by typing in your browser’s address bar “https://” at the beginning of the website’s address.