@unRob
Last active June 19, 2017 08:06
LetsEncrypt + nginx

Renew LetsEncrypt certificates monthly on Ubuntu 14.04

Let's install the command line client somewhere useful and set up the directories and log file we'll need:

git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
mkdir /etc/letsencrypt/configs
touch /var/log/letsencrypt.log

We'll create one config file per group of domains we wish to renew, at /etc/letsencrypt/configs, using letsencrypt-example.ini as the template. Finally, we add renew-letsencrypt.sh to our crontab:

crontab -e
# add a line like the following (stderr is redirected after stdout so both land in the log file we created above):
@monthly /path/to/renew-letsencrypt.sh >> /var/log/letsencrypt.log 2>&1

Nginx

We'll have to configure each plain-http server block to serve the challenge responses from the webroot (everything else is redirected to https), like this:

server {
  listen 80;
  server_name www.domain.tld domain.tld;

  # Serve the challenge responses
  location /.well-known/acme-challenge {
    root /var/www/letsencrypt;
  }

  # Redirect to https otherwise
  location / {
    return 301 https://domain.tld$request_uri;
  }
}

letsencrypt-example.ini

# A comma-separated list of domains to issue certs for
domains = www.domain.tld,domain.tld
# Use this size for our keys
rsa-key-size = 4096
# Remind me if my certs are about to expire
email = your@email.tld
# Don't use nCurses
text = True
# We'll let nginx serve the requests
authenticator = webroot
# Path to wherever we'll store temporary challenge responses
webroot-path = /var/www/letsencrypt
renew-letsencrypt.sh

#!/bin/sh
# Renew every group of domains that has a config in /etc/letsencrypt/configs
# (iterate over the glob directly instead of parsing the output of ls)
for conf in /etc/letsencrypt/configs/*.ini; do
  /opt/letsencrypt/letsencrypt-auto certonly -c "$conf" --renew-by-default
done
# Make nginx pick up the renewed certificates
nginx -s reload
exit 0
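The script above reloads nginx unconditionally, even if a renewal failed or the nginx configuration no longer parses. The following is an added example (my own code, not part of unRob's gist) of a stricter version of the same loop: it checks each .ini for a domain list and an existing webroot-path before spending an ACME request on it, counts failures, and only reloads nginx after `nginx -t` succeeds. The variables LE_CONFIG_DIR, LE_BIN and NGINX_BIN and the function names are assumptions of this example; their defaults match the paths used in the gist.

```shell
#!/bin/sh
# Added example, not from the gist: a stricter renewal loop. It validates each
# .ini before spending an ACME request on it, records failures instead of
# ignoring them, and only reloads nginx when every renewal succeeded and
# `nginx -t` accepts the current configuration. The variables below are
# assumptions of this example; their defaults match the paths used above.
LE_CONFIG_DIR="${LE_CONFIG_DIR:-/etc/letsencrypt/configs}"
LE_BIN="${LE_BIN:-/opt/letsencrypt/letsencrypt-auto}"
NGINX_BIN="${NGINX_BIN:-nginx}"

# Print the value of one "key = value" line from an ini-style config file.
ini_get() {
    # $1 = config file, $2 = key name
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1
}

# Sanity-check a config: at least one domain, and a webroot that exists so
# the challenge files can actually be written where nginx will serve them.
check_config() {
    domains="$(ini_get "$1" domains)"
    webroot="$(ini_get "$1" webroot-path)"
    if [ -z "$domains" ]; then
        echo "ERROR: $1 lists no domains" >&2
        return 1
    fi
    if [ ! -d "$webroot" ]; then
        echo "ERROR: $1 webroot-path '$webroot' does not exist" >&2
        return 1
    fi
    return 0
}

# Renew every config in LE_CONFIG_DIR. Returns non-zero if any config was
# rejected or any renewal failed, so the caller can decide not to reload.
renew_all() {
    failures=0
    for conf in "$LE_CONFIG_DIR"/*.ini; do
        [ -e "$conf" ] || continue    # the glob matched nothing
        if ! check_config "$conf"; then
            failures=$((failures + 1))
            continue
        fi
        if ! "$LE_BIN" certonly -c "$conf" --renew-by-default; then
            echo "ERROR: renewal failed for $conf" >&2
            failures=$((failures + 1))
        fi
    done
    [ "$failures" -eq 0 ]
}

# Reload nginx only after its config check passes; reloading with a broken
# config (or a half-written certificate) would take the site down.
safe_reload() {
    if ! "$NGINX_BIN" -t; then
        echo "ERROR: nginx -t failed, not reloading" >&2
        return 1
    fi
    "$NGINX_BIN" -s reload
}

main() {
    if renew_all; then
        safe_reload
    else
        echo "ERROR: at least one renewal failed, nginx was not reloaded" >&2
        return 1
    fi
}

# Run the whole procedure only when invoked with --run (as cron would);
# sourcing the file just defines the functions above.
if [ "${1:-}" = "--run" ]; then
    main
fi
```

From cron this would be invoked as `@monthly /path/to/renew-letsencrypt.sh --run >> /var/log/letsencrypt.log 2>&1`; a non-zero exit status then shows up in the log (and in cron's mail) instead of silently leaving an expired certificate behind a reloaded nginx.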