Let's Encrypt

On Ubuntu, install Let's Encrypt:

sudo apt install letsencrypt

Along with the "Let's Encrypt" package, this command also installs the "certbot.timer" systemd timer for automatic certificate renewal. It checks the validity of the SSL certificates on the system twice a day and renews those that expire within the next 30 days. To make sure that it is running, enter:

sudo systemctl status certbot.timer

Certbot can automatically install the certificate on nginx and Apache web servers. To do this, install the additional plugin package that matches your web server (the first command is for nginx, the second for Apache).

sudo apt install python3-certbot-nginx
sudo apt install python3-certbot-apache

For nginx, run the following command to obtain the SSL certificate. Replace domain-name.com with your own domain name.

sudo certbot --nginx --agree-tos --preferred-challenges http -d domain-name.com

If your nginx config file has not been created yet, you can obtain the certificate in standalone mode and add the certificate file paths to the site-specific config file later:

sudo certbot certonly --standalone -d domain-name.com

Let's Encrypt certificate renewal - HTTPS for your web server / service domain

sudo certbot renew

If you receive an error message about port 80 being busy, stop the web server (nginx or Apache) before renewing the certificate. Do not forget to restart the server after the certificate has been successfully renewed.

sudo service nginx stop

If you have multiple certificates for different domains and you want to renew a specific certificate, use the command below. The --force-renew flag tells Certbot to request a new certificate with the same domains as an existing certificate. The -d flag allows you to renew certificates for multiple specific domains.

certbot certonly --force-renew -d example.com

To verify that certificate renewal works, run a dry run, which tests the renewal process without saving any certificates:

sudo certbot renew --dry-run
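
To confirm that the automatic renewal described above is actually keeping certificates current, the following added example (not part of the original page) reads the output of `sudo certbot certificates` and lists every certificate that is inside the 30-day renewal window or no longer valid. The function name stale_certs and the sample output are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: list certificates that certbot.timer should already have renewed.

# stale_certs [THRESHOLD_DAYS]
# Reads the text printed by `certbot certificates` on stdin and prints
# "<certificate name>: <status>" for every certificate whose status is not
# "VALID: N days" with N >= THRESHOLD_DAYS (default 30). Expired, revoked or
# hours-from-expiry certificates are therefore always listed.
stale_certs() {
    awk -v limit="${1:-30}" '
        /Certificate Name:/ { name = $3 }
        /Expiry Date:/ {
            status = "unknown"
            # The status is the parenthesised text at the end of the line.
            if (match($0, /\(.*\)/))
                status = substr($0, RSTART + 1, RLENGTH - 2)
            if (status ~ /^VALID: [0-9]+ days?$/) {
                days = status
                gsub(/[^0-9]/, "", days)
                if (days + 0 >= limit) next   # healthy, do not report
            }
            print name ": " status
        }'
}

# Constructed sample of `certbot certificates` output (not from a real host).
sample_output() {
    cat <<'EOF'
Found the following certs:
  Certificate Name: domain-name.com
    Domains: domain-name.com
    Expiry Date: 2030-03-01 09:12:44+00:00 (VALID: 64 days)
    Certificate Path: /etc/letsencrypt/live/domain-name.com/fullchain.pem
  Certificate Name: example.com
    Domains: example.com www.example.com
    Expiry Date: 2030-01-08 17:30:02+00:00 (VALID: 12 days)
    Certificate Path: /etc/letsencrypt/live/example.com/fullchain.pem
  Certificate Name: old.example.com
    Domains: old.example.com
    Expiry Date: 2029-11-30 08:00:00+00:00 (INVALID: EXPIRED)
    Certificate Path: /etc/letsencrypt/live/old.example.com/fullchain.pem
EOF
}

# On a real host: sudo certbot certificates | stale_certs 30
sample_output | stale_certs 30
```

Any line printed for a host where certbot.timer is active means renewal is failing for that certificate and the timer's logs should be checked.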
