Quick intro: Let's Encrypt is a relatively new certificate authority which issues SSL certificates using an automated system that issues challenges to the specified server to ensure that the server controls the domain which is attempting the automated certification process. The certificates last only 90 days but can be renewed indefinitely.
On Ubuntu 16.04:
sudo apt-get update
sudo apt-get install letsencrypt python-letsencrypt-apache
As long as virtualhosts are correctly configured on the Apache webserver, the following command is all that's necessary to automatically receive an SSL certificate from Let's Encrypt.
sudo letsencrypt --apache -d <DOMAIN HERE>
sudo letsencrypt renew renews all the domains on the server secured with Let's Encrypt as long as there are less than 30 days remaining until the certificate expires. We can automate the renewal process via cron.
Editing crontab:
sudo crontab -e
Once in the editor, we can write a script that runs at 6:00am every Monday morning and pipes the output to a log file. Append the following to the end of crontab
# 0 minutes, 6 hours, ..., every monday
0 6 * * 1 /usr/bin/letsencrypt renew >> /var/log/ssl-renewal.log
This concludes the setup for Let's Encrypt SSL on a LAMP stack on Ubuntu 16.04.
This walkthrough is a simplified version of what is available from DigitalOcean docs here: https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-16-04