apt-get install software-properties-common add-apt-repository ppa:certbot/certbot apt-get update apt-get install certbot
Good guide for nginx config and cronjob for auto renew
https://gist.github.com/cecilemuller/a26737699a7e70a7093d4dc115915de8
Create “/etc/nginx/letsencrypt/letsencrypt.conf” with the following
location ^~ /.well-known/acme-challenge/ { default_type "text/plain"; root /usr/local/nginx/html/letsencrypt; }
Add this to your siteconfiguration inside server{} for http/ port80
include /etc/nginx/letsencrypt/letsencrypt.conf;
Create a folder for challenges
mkdir -p /usr/local/nginx/html/letsencrypt/.well-known/acme-challenge
Just try it.
certbot certonly --webroot --agree-tos --no-eff-email --email <yourmail> -w /var/www/lunetikk/ -d lunetikk.de -d www.lunetikk.de
Add to your vhost config
ssl_certificate /etc/letsencrypt/live/lunetikk.de/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/lunetikk.de/privkey.pem; ssl_trusted_certificate /etc/letsencrypt/live/lunetikk.de/fullchain.pem;
Add to your vhost config
SSLCertificateFile /etc/letsencrypt/live/lunetikk.de/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/lunetikk.de/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/lunetikk.de/fullchain.pem
Create a script for automation
#!/bin/bash /usr/bin/certbot renew --renew-hook "service apache2 reload" > /var/log/certbot-renew.log mail -s "CERTBOT Renewals" <YOURMAILADDRESS> < /var/log/certbot-renew.log DATE=`date +%Y-%m-%d` mv /var/log/certbot-renew.log /var/log/certbot-renew_%DATE.log exit 0
Add to your crontab
@daily /bin/certbotrenew.sh
Command | Function |
---|---|
certbot certonly --webroot --agree-tos --no-eff-email --email <mail> -w /usr/local/nginx/html/letsencrypt -d <www.domain.de> -d <domain.de> | Obtain or renew a certificate |
certbot renew | Renew all previously obtained certificates that are near expiry |
certbot certonly --dry-run | Test “renew” or “certonly” without saving any certificates to disk |
certbot certificates | Display information about certificates you have from Certbot |
certbot revoke | Revoke a certificate (supply –cert-path) |
certbot delete | Delete a certificate |