This guide is written for Nginx on an Ubuntu 18.04 server but you should be able to follow along with older versions of Ubuntu. For Apache or any other server and different versions of Ubuntu (or other operating systems) check https://certbot.eff.org/ .

1. Installing Certbot on Ubuntu

Installing certbot on the server

sudo apt-get update sudo apt-get install software-properties-common sudo add-apt-repository universe sudo add-apt-repository ppa:certbot/certbot sudo apt-get update sudo apt-get install certbot python-certbot-nginx

2. Run Certbot

After installing, run Certbot:

sudo certbot --nginx

If you just need a certificate only run:

sudo certbot --nginx certonly

Wildcard certificates (Optional):

If you want to obtain a wildcard certificate (for subdomains such as test.example.com or app.example.com) using Let’s Encrypt’s new ACMEv2 server, you’ll also need to use one of Certbot’s DNS plugins:

# REPLACE *.example.com and example.com with your domain!sudo certbot -a dns-plugin -i nginx -d "*.example.com" -d example.com --server https://acme-v02.api.letsencrypt.org/directory

How to renew certificates:

Since certificates last 90 days, you have to renew them preferably before they expire by using the following command:

sudo certbot renew

Automated certificate renewal with Cron

Having to manually renew certificates is inefficient and therefore we are going to create a cron job so that the server automatically does that for us.

sudo crontab -e

If its your first time you will get the option to choose an editor, use Nano if you don’t know much about editors.

NOTE!: Certbot requires sudo to execute properly meaning that the cron should be assigned to the user: root by using sudo crontab -e. if you are already the root user you can just use: crontab -e

Use the arrows to go to the end of the file and then type the following:

#renews SSL certificate every day at 8:00 0 8 * * * sudo certbot renew

to save and exit the editor press CTRL+X and press Y to save.

For more information on Cron and Cron jobs check this out: https://www.ostechnix.com/a-beginners-guide-to-cron-jobs/

Note:

You can test if the renewal of certificates without actually requesting them by running the following command:

sudo certbot renew --dry-run

If you have any questions or you are struggling with any part let me know.

1. Installing Certbot on Ubuntu

2. Run Certbot

Wildcard certificates (Optional):

How to renew certificates:

Automated certificate renewal with Cron

You Might Also Like...