Download and Install Let’s Encrypt
sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
cd /opt/letsencrypt
Create an SSL Certificate
cd /opt/letsencrypt
sudo -H ./letsencrypt-auto certonly --standalone -d example.com -d www.example.com
Renew SSL Certificates
cd /opt/letsencrypt
sudo -H ./letsencrypt-auto certonly --standalone --renew-by-default -d example.com -d www.example.com
UPDATE (06/04/2019):
To prevent new certificates (like *-0001, *-0002) from being created when running the renew command, add a `--cert-name <domain name>` entry to force certbot to overwrite the existing certificate instead of creating a new one.
sudo -H ./letsencrypt-auto certonly --standalone --renew-by-default --cert-name example.com -d example.com -d www.example.com
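To check whether earlier renewals already left suffixed lineages behind, the following added example (not part of the original notes) lists directories ending in a four-digit suffix under the live directory and reports whether the unsuffixed lineage still exists. The function names and the sample tree are constructed for illustration; the default path is the one used in the expiration check on this page.

```shell
#!/bin/sh
# Added example: list certbot lineages carrying a numeric suffix
# (-0001, -0002, ...) under a "live" directory.

# find_duplicate_lineages [LIVE_DIR]
# Prints one line per suffixed lineage:
#   "<lineage> <base> <base-present|base-missing>"
find_duplicate_lineages() {
    live_dir=${1:-/etc/letsencrypt/live}
    for path in "$live_dir"/*; do
        [ -d "$path" ] || continue          # skip plain files and an unmatched glob
        name=${path##*/}
        case $name in
            *-[0-9][0-9][0-9][0-9]) ;;      # four-digit suffix as in *-0001
            *) continue ;;
        esac
        base=${name%-[0-9][0-9][0-9][0-9]}
        if [ -d "$live_dir/$base" ]; then
            state=base-present              # two lineages exist for the same name
        else
            state=base-missing              # only the suffixed lineage is left
        fi
        printf '%s %s %s\n' "$name" "$base" "$state"
    done
}

# make_sample_live_dir: constructed directory tree, not real certificate data.
make_sample_live_dir() {
    d=$(mktemp -d)
    mkdir "$d/example.com" "$d/example.com-0001" "$d/example.com-0002" \
          "$d/other.example-0001" "$d/shop-2024.example"
    : > "$d/README"
    printf '%s\n' "$d"
}

sample=$(make_sample_live_dir)
find_duplicate_lineages "$sample"
rm -rf "$sample"
```

On a real host, run `find_duplicate_lineages` with no argument as root, and make sure the nginx server block points at the lineage that is actually being renewed.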
UPDATE (04/05/2020):
Obtain a certificate with certbot and install it into the nginx configuration:
sudo certbot --nginx -d example.com -d www.example.com
Automatically Renew SSL Certificates (Optional)
echo '@monthly root /opt/letsencrypt/letsencrypt-auto certonly --quiet --standalone --renew-by-default -d example.com -d www.example.com >> /var/log/letsencrypt/letsencrypt-auto-update.log 2>&1' | sudo tee --append /etc/crontab
- @monthly: for simplicity, this command will execute at midnight on the first day of every month
- root: run the command as the root user
- /opt/letsencrypt/letsencrypt-auto certonly --quiet --standalone --renew-by-default -d example.com -d www.example.com: the letsencrypt-auto renewal command. Again, add -d example.com for each domain name you need to renew
- >> /var/log/letsencrypt/letsencrypt-auto-update.log 2>&1: append the standard output and standard error to a log file named letsencrypt-auto-update.log
- tee --append /etc/crontab: save the new cron job to the /etc/crontab file
Update Let’s Encrypt
cd /opt/letsencrypt
sudo git pull
Automatically Update Let’s Encrypt (Optional):
echo '@weekly root cd /opt/letsencrypt && git pull >> /var/log/letsencrypt/letsencrypt-auto-update.log' | sudo tee --append /etc/crontab
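If the renewal doesn't work, stop the nginx server and then try the renewal command again. The --standalone option starts its own web server for validation and cannot bind its port while nginx is listening on it.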
Check Expiration dates:
sudo openssl x509 -dates -noout -in /etc/letsencrypt/live/<DOMAIN NAME HERE>/cert.pem