This tutorial will help you to install Let’s encrypt client on your Ubuntu system and issue SSL certificate for the domain running on Nginx web server.
Step 1 – Prerequisites
Before starting work on this task, I assume you already have:
- Running Ubuntu system with sudo privileges shell access.
- A domain name registered and pointed to your server’s public IP address. For this tutorial, we use example.com and www.example.com, which is pointed to our server.
- Running Nginx web server with VirtualHost configured for example.com and www.example.com for Port 80.
Step 2 – Install Let’s Encrypt Client
You can download the
certbot-auto Let’s Encrypt client and save it in
/usr/sbin directory. Use the following command to do it.
sudo wget https://dl.eff.org/certbot-auto -O /usr/sbin/certbot-auto sudo chmod a+x /usr/sbin/certbot-auto
Step 3 – Issue SSL from Let’s Encrypt
Let’s Encrypt performs Domain Validation (DV) automatically with multiple challenges. Once the Certificate Authority (CA) verified the authenticity of your domain, SSL certificate will be issued.
You don’t need to create VirtualHost for SSL/HTTPS, Let’s encrypt will create it. You only need to create VirtualHost for port 80 only.
sudo certbot-auto --nginx -d example.com -d www.example.com
Above command will prompt for an email address, which is used for sending email alerts related to SSL renewal and expiration. Also, asks few more questions. After completion, it will issue an SSL certificate and will also create a new VirtualHost configuration file on your system.
Step 4 – Configure SSL Auto Renew
At the end, configure the following job on your server crontab to auto-renew SSL certificate if required.
0 2 * * * sudo certbot-auto -q renew
You may like: