How to Install a Let’s Encrypt SSL Certificate on Eve-ng Pro

Installing a Let’s Encrypt SSL certificate on EVE-ng PRO is a straightforward process that secures your EVE-PRO server with trusted, encrypted connections. Let’s Encrypt is a free and automated certificate authority that offers SSL certificates valid for 90 days. By following the steps outlined below, you can enable SSL on your EVE-PRO server using Let’s Encrypt and ensure your data transmissions are protected.

To enable SSL (Secure Sockets Layer) on EVE-PRO using Let’s Encrypt, you can follow these general steps:

Install Let’s Encrypt SSL Certificate in Eve-ng Pro

1. Ensure your EVE-PRO server is accessible from the internet with a public IP address or domain name that you own.

2. Install Certbot: Certbot is a tool that automates the process of obtaining and renewing SSL certificates from Let’s Encrypt. Install Certbot on your EVE-PRO server by following the instructions for your specific operating system. You can find the installation instructions on the Certbot website (https://certbot.eff.org/).

apt update
apt install certbot

3. Stop Apache

systemctl stop apache2

4. Generate and install the Let’s Encrypt SSL certificate in Eve-ng Pro: Once Certbot is installed, run the following command on your EVE-PRO server. Replace “myeve.exemple.com” with your actual domain name or public IP address. Certbot will communicate with Let’s Encrypt and generate the SSL certificate for your domain.

certbot certonly --standalone --preferred-challenges http -d myeve.exemple.com


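5. Update the Apache config by running these commands in the EVE CLI:

# Assumes a single certificate under /etc/letsencrypt/live/; with several, find returns more than one path.
# The patterns are quoted so the shell does not expand them against files in the current directory.
CERT=$(find /etc/letsencrypt/live/ -name 'fullchain*')
KEY=$(find /etc/letsencrypt/live/ -name 'priv*')

sed -i --follow-symlinks /etc/apache2/sites-enabled/eveng-ssl.conf -Ee 's,(\s+SSLCertificateFile\s+).+,\1'"$CERT"',g'
sed -i --follow-symlinks /etc/apache2/sites-enabled/eveng-ssl.conf -Ee 's,(\s+SSLCertificateKeyFile\s+).+,\1'"$KEY"',g'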

6. Restart Apache

systemctl start apache2

7. Test SSL configuration: Open a web browser and navigate to your EVE-PRO server using the domain name or public IP address. Make sure the connection is secure (https://) and that the SSL certificate is valid and trusted.
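Step 5 searches all of /etc/letsencrypt/live/, so it only works while the server holds a single certificate. The following is an added example, not part of the original post: it selects one domain explicitly and refuses to edit the config when the files or directives are missing. The function name set_eve_cert and its optional path arguments are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post: point Apache at the certificate
# of one named domain. LIVE_DIR and CONF default to the paths used in step 5
# and can be overridden to rehearse on copies.
# Usage: set_eve_cert DOMAIN [LIVE_DIR] [CONF]
set_eve_cert() {
    domain=$1
    live=${2:-/etc/letsencrypt/live}
    conf=${3:-/etc/apache2/sites-enabled/eveng-ssl.conf}
    cert="$live/$domain/fullchain.pem"   # Certbot's per-domain layout
    key="$live/$domain/privkey.pem"
    ws='[[:space:]]'

    # Refuse to touch the config unless both files exist for this domain.
    [ -n "$domain" ] && [ -r "$cert" ] && [ -r "$key" ] || {
        echo "no readable fullchain.pem/privkey.pem for '$domain' in $live" >&2
        return 1
    }
    # Both directives must already be present; otherwise sed changes nothing
    # and Apache would start with the old certificate without any error.
    grep -Eq "^$ws*SSLCertificateFile$ws" "$conf" &&
    grep -Eq "^$ws*SSLCertificateKeyFile$ws" "$conf" || {
        echo "SSLCertificateFile/SSLCertificateKeyFile missing in $conf" >&2
        return 2
    }
    tmp=$(mktemp) || return 3
    sed -E -e "s,^($ws*SSLCertificateFile$ws+).+,\1$cert," \
           -e "s,^($ws*SSLCertificateKeyFile$ws+).+,\1$key," "$conf" > "$tmp" &&
        cp -p "$conf" "$conf.bak" &&      # copy to roll back to
        cat "$tmp" > "$conf"              # writes through the sites-enabled symlink
    rc=$?
    rm -f "$tmp"
    return "$rc"
}
```

Call it as set_eve_cert myeve.exemple.com before starting Apache in step 6; the previous config is kept next to the original with a .bak suffix.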


SSL Certificate Renew in Eve-ng Pro

Manual Certificate Renew

Let’s Encrypt certificates are valid for 90 days, but it’s recommended to renew them every 60 days to allow room for error. The Certbot Let’s Encrypt client includes a “renew” command that automatically checks installed certificates and attempts to renew them if they are within 30 days of expiration.

To manually renew the certificates, ensure that your EVE server is reachable from the internet on port 80. If you have any security measures or firewall rules blocking this port, temporarily disable them.

Use the following command to renew:

certbot renew --pre-hook "systemctl stop apache2" --post-hook "systemctl start apache2"

Auto Certificate Renew

Let’s Encrypt SSL certificates are valid for a limited time, usually 90 days. To ensure your certificates stay up to date, you can create a cron job that automatically renews them. The cron job will periodically execute the renewal command, checking the expiration date and renewing if necessary.

To edit the crontab for the root user and set up a weekly renewal job, follow these steps:

1. Open a terminal or SSH into your server.

2. Run the command:

crontab -e

This will open the crontab file for editing.

3. Add the following line to the file:

30 2 * * 1 certbot renew --pre-hook "systemctl stop apache2" --post-hook "systemctl start apache2" >> /var/log/le-renew.log 2>&1

4. Save the file and exit the editor.

By setting up this cron job, the renewal command will be executed automatically every week, ensuring your certificates are always up to date. Make sure that port 80 is accessible and not blocked by any security measures or firewall rules to allow the renewal process to work correctly.
