Let’s Encrypt and Certbot
Install Certbot generated certificate on a domain
sudo apt install python3-certbot-nginx
certbot --nginx -d example.com
# Make sure the domain is not proxied through any CDN
Remove certificate with Certbot
# Revoke first: revoke reads the certificate file that delete removes
certbot revoke --cert-path /etc/letsencrypt/live/example.com/fullchain.pem
certbot delete --cert-name example.com
# After removing the certificate, unlink the site that uses it
unlink /etc/nginx/sites-enabled/example.com
Renew certificate with certbot
sudo certbot renew
Auto-renewal certificate with certbot
# Test the renewal process without saving any certificates
sudo certbot renew --dry-run
Install wildcard * certificate with certbot
# Quote the wildcard so the shell does not expand it
sudo certbot --server https://acme-v02.api.letsencrypt.org/directory -d '*.example.com' --manual --preferred-challenges dns-01 certonly
Self-signed certificate installation
- Site domain: new.domain.com
- Create file and Nginx environment
  mkdir /var/www/new.domain.com
  # create a simple `index.html`
  cd /etc/nginx/sites-available
  cp -a default new.domain.com  # create nginx config file for this hostname
  ln -s /etc/nginx/sites-available/new.domain.com /etc/nginx/sites-enabled
- Generate the certificate from the vendor; it comes with a Key and a Certificate
- Copy and paste the contents of the Key and the Certificate
  mkdir -p /etc/ssl/certificates/new.domain.com/
  cd /etc/ssl/certificates/new.domain.com/
  vim new.domain.com.key
  vim new.domain.com.crt
  # add key and certificate to respective file
- Configure the certificate in Nginx, check SSL configuration here
  cd /etc/nginx/sites-available
  vim new.domain.com
- Check Nginx syntax
  nginx -t
  systemctl restart nginx
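
A pre-flight check for the key and certificate pasted in the steps above, as an added example that is not part of the original page: it confirms that the two files belong together and that the certificate has not expired, then tightens the key's permissions. The function name `check_pair` and its exit codes are assumptions chosen for this example.

```shell
#!/bin/sh
# Added example (not from the original page): verify a pasted key/certificate
# pair before pointing Nginx at it. check_pair and its exit codes are
# assumptions made for this example:
#   0 = pair is consistent, 1 = key does not match certificate,
#   2 = a file could not be parsed, 3 = certificate has expired

check_pair() {
    crt=$1
    key=$2

    # Extract the public key from each file as PEM text.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || {
        echo "cannot parse certificate: $crt" >&2; return 2; }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || {
        echo "cannot parse private key: $key" >&2; return 2; }

    # A certificate pasted next to the wrong key cannot be loaded by Nginx.
    if [ "$crt_pub" != "$key_pub" ]; then
        echo "key does not match certificate" >&2
        return 1
    fi

    # -checkend 0 fails when the certificate is already past its notAfter date.
    if ! openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1; then
        echo "certificate has expired" >&2
        return 3
    fi

    # Files created in an editor are often world-readable; restrict the key
    # to its owner and leave the (public) certificate readable.
    chmod 600 "$key"
    chmod 644 "$crt"
    echo "OK: $crt matches $key"
}

# Script usage: sh <this file> CERT KEY
if [ "$#" -eq 2 ]; then
    check_pair "$1" "$2"
fi
```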