Let’s Encrypt and Certbot

Install Certbot generated certificate on a domain

sudo apt install python3-certbot-nginx
certbot --nginx -d []
    # make sure the domain is not proxied through a CDN

Remove certificate with Certbot

certbot delete --cert-name
certbot revoke --cert-path /etc/letsencrypt/live/
    # after removing the certificate, unlink the site's Nginx config
unlink /etc/nginx/sites-enabled/

Renew certificate with Certbot

sudo certbot renew

Auto-renewal of certificates with Certbot

sudo certbot renew --dry-run

Install wildcard * certificate with Certbot

sudo certbot --server -d * --manual --preferred-challenges dns-01 certonly

Self-signed certificate installation

  • Site domain:
  1. Create file and Nginx environment

     mkdir /var/www/ 
         # create a simple `index.html`
     cd /etc/nginx/sites-available
     cp -a default 
         # create nginx config file for this hostname 
     ln -s /etc/nginx/sites-available/ /etc/nginx/sites-enabled
  2. Generate the certificate from the vendor; it comes with a key and a certificate

  3. Copy and paste the contents of the key and certificate

     mkdir /etc/ssl/certificates/
     cd /etc/ssl/certificates/
         # add the key and certificate to their respective files
  4. Configure the certificate in Nginx; check SSL configuration here

     cd /etc/nginx/sites-available 
  5. Check Nginx syntax

     nginx -t
     systemctl restart nginx
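
A pre-flight check for steps 3 to 5, added here as an example and not part of the original page: it confirms that the pasted key belongs to the certificate, that the key file is not readable by group or others, and that the certificate has not expired. The function names, return codes and the `<site>` paths are assumptions made for this example.

```shell
#!/bin/sh
# Added example: pre-flight check for a key/certificate pair before Nginx uses it.
# Return codes (chosen for this example): 0 ok, 1 key does not match certificate,
# 2 key readable by group/others, 3 file missing or unparsable, 4 certificate expired.
check_cert_pair() {
    cert=$1 key=$2
    [ -r "$cert" ] && [ -r "$key" ] || return 3

    # Both commands print the SubjectPublicKeyInfo in PEM; equal text means the pair matches.
    # "-passin pass:" keeps openssl from prompting if the key is passphrase-protected.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 3
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || return 3
    [ "$cert_pub" = "$key_pub" ] || return 1

    # Characters 5-10 of the ls mode string are the group and other permission bits.
    mode=$(ls -ldL "$key" | cut -c5-10)
    [ "$mode" = "------" ] || return 2

    # -checkend 0 fails when the certificate's notAfter date is already in the past.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 || return 4
    return 0
}

# Constructed sample input: a throwaway self-signed pair named $2 inside directory $1.
make_demo_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2.example.test" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
    chmod 600 "$1/$2.key"
}

# Usage with the files from step 3 (placeholder paths, not taken from the page):
#   check_cert_pair /etc/ssl/certificates/<site>.crt /etc/ssl/certificates/<site>.key \
#       && nginx -t && systemctl restart nginx
```

Running it before `nginx -t` catches a mismatched pair early, since `nginx -t` reports the mismatch only as a generic key-load error.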