Install and configure free Let’s Encrypt SSL certificates

In this blog you can find the commands I used in the video explaining installation and configuration of Let’s Encrypt Certificates. Please watch the video for a detailed explanation and demo.

Let's Encrypt installation & configuration

Edit Nginx configuration to allow /.well-known/acme-challenge

vim /etc/nginx/sites-available/default
# Add below section
location ^~ /.well-known/acme-challenge/ {
  allow all;
}
# Save and reload nginx
service nginx reload    

Install GIT and clone Certbot repository under /opt (or any directory of your choice)

sudo apt install -y git
cd /opt
git clone https://github.com/certbot/certbot    

Create certificates for your domain using certbot-auto. Make sure you change your domain name, email address and domain root accordingly

cd /opt/certbot
./certbot-auto certonly --webroot -w /var/www/html -d prasaddomala.me --non-interactive --agree-tos --email prasad.domala@gmail.com    

Edit Nginx configuration to enable SSL and add new Let’s Encrypt Certificates. Change the certificate path based on your domain name

vim /etc/nginx/sites-available/default
# Add below lines to the configuration and reload nginx
listen 443 ssl default_server;
ssl_certificate    /etc/letsencrypt/live/prasaddomala.me/fullchain.pem;
ssl_certificate_key    /etc/letsencrypt/live/prasaddomala.me/privkey.pem;
service nginx reload    

Certificate renewal

cd /opt/certbot
./certbot-auto renew --webroot -w /var/www/html --force-renewal            

#certificates #letsencrypt #ssl