Link Search Menu Expand Document

Let’s Encrypt and Certbot

Table of contents

Install Certbot generated certificate on a domain

sudo apt install python3-certbot-nginx
certbot --nginx -d [example.com]
    # make sure domain is not proxy through any CDN

Remove certificate with Certbot

certbot delete --cert-name example.com
certbot revoke --cert-path /etc/letsencrypt/live/example.com/fullchain.pem
    # After removed the SSL, need to unlink 
unlink /etc/nginx/sites-enabled/example.com

Renew certificate with certbot

sudo certbot renew

Auto-renewal certificate with certbot

sudo certbot renew --dry-run

Install wildcard * certificate with certbot

sudo certbot --server https://acme-v02.api.letsencrypt.org/directory -d *.example.com --manual --preferred-challenges dns-01 certonly

Self-signed certification Installation

  • Site domain: new.domain.com
  1. Create file and Nginx environment

     mkdir /var/www/new.domain.com 
         # create a simple `index.html`
     cd /etc/nginx/sites-available
     cp -a default new.domain.com 
         # create nginx config file for this hostname 
     ln -s /etc/nginx/sites-available/new.domain.com /etc/nginx/sites-enabled
    
  2. Generate certificate from vendor, it comes with Key and Certificate

  3. Copy and paste contents from Key and Certificate

     mkdir /etc/ssl/certificates/new.domain.com/
     cd /etc/ssl/certificates/new.domain.com/
     vim new.domain.com.key 
     vim new.domain.com.crt
         # add key and certificate to respective file
    
  4. Configure certificate in Nginx, check SSL configuration here

     cd /etc/nginx/sites-available 
     vim new.domain.com
    
  5. Check Nginx syntax

     nginx -t
     systemctl restart nginx