$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-nginx
$ certbot --nginx
The last command gets a certificate for you and has Certbot edit your Nginx configuration automatically to serve it. Sometimes you may get error messages. They mean the automatic integration with your existing web server configuration failed. That is not critical, because you can integrate manually in a few simple steps. If you only want to get the certificate and integrate it manually, use the following command.
$ certbot --nginx certonly
The generated certificate will be available in /etc/letsencrypt/live/yourdomain.tld/. Then, you can configure your server manually to use the SSL certificate.
ssl_certificate /etc/letsencrypt/live/yourdomain.tld/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/yourdomain.tld/privkey.pem;
Finally, you need to know that this certificate is only valid for 90 days. You can renew the certificate easily whenever you want with the following command (adding --dry-run only tests the renewal and does not save a new certificate).
$ certbot renew
To automate the process, you can use a cron job. Below is a sample cron job configuration for Linux. It will update the certificate every two months (I just keep it close to 90 days).
# renewal every two months at 2:00 AM
0 2 1 */2 * certbot renew
Another sample runs the update process exactly every 80 days (I leave some spare time before the 90 days are up).
# Example: started on 2017-5-6 2:00 AM.
# It is equal to 1494036000 seconds in Unix time (415010 hours)
# 80 days = 1920 hours
# 415010 hours MOD 1920 hours = 290 hours
# So, the next 80 days is when MOD result = 290 hours
# Every day at 2:00 AM, it will check whether it's the renewal day
0 2 * * * test $(( `date +\%s`/60/60\%1920 )) = 290 && certbot renew
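The arithmetic behind the 80-day test above, as an added example that is not part of the original post: it derives the remainder for a first-run timestamp and checks whether the cron job's hour can ever match it. The function names are made up for this illustration, and whole-hour UTC offsets with no daylight saving are assumed.

```shell
#!/bin/sh
# Added example: the arithmetic behind the 80-day cron test.
# Function names are illustrative; timestamps are Unix seconds (UTC).
PERIOD_HOURS=1920   # 80 days * 24 hours, as in the post

# Whole hours since the Unix epoch for timestamp $1.
epoch_hours() { echo $(( $1 / 3600 )); }

# Remainder to hard-code in the crontab when the first run is at $1.
renewal_remainder() { echo $(( $(epoch_hours "$1") % $PERIOD_HOURS )); }

# Succeeds when timestamp $1 falls in the renewal hour for remainder $2
# (same test as the crontab line, minus the cron-specific \% escaping).
is_renewal_hour() {
    [ $(( $(epoch_hours "$1") % $PERIOD_HOURS )) -eq "$2" ]
}

# Start of the first matching hour for remainder $2, counting the hour
# that contains timestamp $1.
next_renewal() {
    h=$(epoch_hours "$1")
    delta=$(( ($2 - h % $PERIOD_HOURS + $PERIOD_HOURS) % $PERIOD_HOURS ))
    echo $(( (h + delta) * 3600 ))
}

# The test compares UTC hours, but cron fires in local time. Succeeds only
# if a job at local hour $2 (UTC offset $3, whole hours, no DST assumed)
# can ever hit remainder $1; otherwise the renewal would never run.
cron_hour_matches() {
    utc_hour=$(( (($2 - $3) % 24 + 24) % 24 ))
    [ "$utc_hour" -eq $(( $1 % 24 )) ]
}

start=1494036000    # 2017-05-06 02:00 UTC, the post's example
r=$(renewal_remainder "$start")
echo "remainder: $r"
echo "next match after start: $(next_renewal $(( start + 3600 )) "$r")"
if cron_hour_matches "$r" 2 7; then   # constructed case: server at UTC+7
    echo "02:00 at UTC+7 can match"
else
    echo "02:00 at UTC+7 never matches; schedule at UTC hour $(( r % 24 ))"
fi
```

If the server's clock is not on UTC, pick the remainder from the UTC timestamp of the local hour the job actually runs at, otherwise the test silently never succeeds and the certificate expires.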
I hope this post can be useful for you.