This is an old revision of the document!
Good guide for nginx config and cronjob for auto renew
https://gist.github.com/cecilemuller/a26737699a7e70a7093d4dc115915de8
apt-get install software-properties-common add-apt-repository ppa:certbot/certbot apt-get update apt-get install certbot
Create “/etc/nginx/letsencrypt/letsencrypt.conf” with the following
location ^~ /.well-known/acme-challenge/ { default_type "text/plain"; root /usr/local/nginx/html/letsencrypt; }
Add this to your siteconfiguration inside server{} for http/ port80
include /etc/nginx/letsencrypt/letsencrypt.conf;
Create a folder for challanges
mkdir -p /usr/local/nginx/html/letsencrypt/.well-known/acme-challenge
Just try it.
certbot certonly --webroot --agree-tos --no-eff-email --email <yourmail> -w /var/www/lunetikk/ -d lunetikk.de -d www.lunetikk.de
Add to your vhost config
ssl_certificate /etc/letsencrypt/live/lunetikk.de/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/lunetikk.de/privkey.pem; ssl_trusted_certificate /etc/letsencrypt/live/lunetikk.de/fullchain.pem;
Add to your vhost config
SSLCertificateFile /etc/letsencrypt/live/lunetikk.de/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/lunetikk.de/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/lunetikk.de/fullchain.pem
Command | Function |
---|---|
certbot certonly –webroot –agree-tos –no-eff-email –email <mail> -w /usr/local/nginx/html/letsencrypt -d <www.domain.de> -d <domain.de> | Obtain or renew a certificate |
certbot renew | Renew all previously obtained certificates that are near expiry |
certbot certonly –dry-run | Test “renew” or “certonly” without saving any certificates to disk |
certbot certificates | Display information about certificates you have from Certbot |
certbot revoke | Revoke a certificate (supply –cert-path) |
certbot delete | Delete a certificate |