Let’s Encrypt – Nginx settings

Ubuntu 14.04

From https://certbot.eff.org/all-instructions/#ubuntu-14-04-trusty-nginx

Download and install

We’re going to use certbot-auto and install it in /usr/local/bin.

sudo wget https://dl.eff.org/certbot-auto -O /usr/local/bin/certbot-auto
sudo chmod +x /usr/local/bin/certbot-auto
certbot-auto --os-packages-only

First cert request

sudo service nginx stop
sudo certbot-auto certonly --standalone -d example.com -d www.example.com
sudo service nginx start

Test renewal

certbot-auto renew --dry-run

Actual renewal

sudo service nginx stop
sudo certbot-auto renew --quiet --no-self-upgrade
sudo service nginx start

Create a bash file

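sudo vi /path/to/letsencrypt.sh

Contents:

#!/bin/bash
# cron runs with a minimal PATH that does not include service or certbot-auto
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

service nginx stop
certbot-auto renew --quiet --no-self-upgrade
service nginx start

Make it executable:

sudo chmod +x /path/to/letsencrypt.sh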

Schedule cron

sudo crontab -e
0 6,22 * * * /path/to/letsencrypt.sh

Configure Nginx

Use the common Vendi TLS config, with these lines for the certificates:

ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
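Because the cron job runs certbot-auto with --quiet, a renewal that keeps failing produces no output until the certificate expires. The check below is an added example, not part of the original notes; the 20-day threshold, the function names and the "run" argument are assumptions.

```bash
#!/bin/bash
# Added example: flag certificates under certbot's live directory that are
# close to expiry, so a silently failing cron renewal is noticed in time.
# Needs root, because /etc/letsencrypt/live is readable by root only.

LIVE_DIR="${LIVE_DIR:-/etc/letsencrypt/live}"  # certbot's default layout
# certbot renews 30 days before expiry by default, so a certificate with
# fewer than 20 days left means renewal has been failing for a while.
WARN_DAYS="${WARN_DAYS:-20}"                   # assumed threshold

# expires_within PEM DAYS
# Succeeds (exit 0) if the certificate expires within DAYS days.
# A missing or unparsable file is also treated as a problem (fail closed).
expires_within() {
    # "openssl x509 -checkend N" exits 0 only if the certificate is still
    # valid N seconds from now, so the result is negated here.
    ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# check_certs
# Prints one line per problem certificate; exit 0 only if none were found.
check_certs() {
    bad=0
    for pem in "$LIVE_DIR"/*/fullchain.pem; do
        [ -e "$pem" ] || continue   # glob matched nothing
        if expires_within "$pem" "$WARN_DAYS"; then
            echo "WARN: $pem expires within $WARN_DAYS days or is unreadable"
            bad=$((bad + 1))
        fi
    done
    [ "$bad" -eq 0 ]
}

# Run the check only when called with "run", e.g. from root's crontab.
if [ "${1:-}" = "run" ]; then
    check_certs
    exit $?
fi
```

Scheduled from root's crontab with the "run" argument, the script prints only when a certificate is in trouble, so cron's mail (if MAILTO is configured) doubles as the alert.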