Certbot: Difference between revisions

Revision as of 19:59, 29 November 2018

https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04

certbot connects to Let's Encrypt to obtain an SSL certificate for your server.

  • Install packages
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-nginx
  • Create the file /etc/nginx/snippets/ssl-certbot.conf:
# support for certbot ssl auto-renewal
location ^~ /.well-known/ {
    default_type "text/plain";
    root /var/www/html/;
}
  • Create the well-known directory for verification:
mkdir -p /var/www/html/.well-known
  • Include the following line in the ssl config for each domain:
include snippets/ssl-certbot.conf;
  • Test with nginx -t
  • Reload nginx
  • Now run a command like this:
certbot certonly --webroot --webroot-path=/var/www/html \
-d example.com \
-d domain1.example.com \
-d domain2.example.com

The output should show where the SSL certificate and key are located.

  • Add a new SSL config snippet like this at /etc/nginx/snippets/example.com:
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
  • Call this snippet from your nginx config:
include snippets/example.com;
  • Test renewal with a dry run:
sudo certbot renew --dry-run
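
A preflight check for the webroot steps above, useful after reloading nginx and before running certbot certonly: it drops a probe file under .well-known/acme-challenge and confirms the domain serves it back over HTTP. This is an added example, not part of the original wiki page; the names fetch and probe_webroot are hypothetical, and it assumes curl is installed.

```shell
#!/bin/sh
# Added example: preflight check for the webroot challenge path.
# fetch() is a hypothetical helper; override it to test without a network.
fetch() {
    # -f: fail on HTTP errors, -L: follow redirects (e.g. HTTP to HTTPS)
    curl -fsSL --max-time 10 "$1"
}

# probe_webroot WEBROOT DOMAIN
# Returns 0 if a file dropped in WEBROOT/.well-known/acme-challenge is served
# back unchanged from http://DOMAIN/, 1 if not, 2 if the file can't be written.
probe_webroot() {
    webroot=$1
    domain=$2
    dir="$webroot/.well-known/acme-challenge"
    token="probe-$$-$(date +%s)"   # constructed, harmless file name and body
    rc=0

    mkdir -p "$dir" 2>/dev/null || return 2
    printf '%s' "$token" > "$dir/$token" || return 2

    body=$(fetch "http://$domain/.well-known/acme-challenge/$token") || rc=1
    rm -f "$dir/$token"            # never leave probe files behind

    [ "$rc" -eq 0 ] && [ "$body" = "$token" ]
}

# Stand-alone use: sh probe.sh /var/www/html example.com
if [ "$#" -eq 2 ]; then
    if probe_webroot "$1" "$2"; then
        echo "OK: $2 serves the challenge directory from $1"
    else
        echo "FAIL: $2 does not serve files from $1/.well-known/" >&2
        exit 1
    fi
fi
```

Run it once per name passed to certbot with -d; a failure usually means the server block for that name is missing the include line or points at a different root.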