Getting TLS certs with lets encrypt (certbot) for a Debian 9 (Stretch) Server running Nginx
I needed to get TLS certs with lets encrypt for a Debian 9 (Stretch)
with nginx web-server.
It's super easy to get TLS certificates with certbot. Please note that there
are several ways to do a ACME verification. Using apache looks similar to
using nginx. There's also a standalone server built into certbot should you
have no http server running.
# install required packages
sudo apt install certbot python-cerbot-nginx
# get certificates
# use the fqdn (full qualified domain name) of the machine you're running
# this on instead or example.com. Also supply a mail address for
# notifications from lets encrypt instead of hostmaster@example.com
sudo certbot certonly --agree-tos --nginx -d example.com -m hostmaster@example.com
# add cronjob for renewing certs
sudo bash -c '(crontab -l; echo "@daily certbot renew --quiet") | crontab -'
That's it. Go ahead and take a look at your certificates.
sudo ls -l /etc/letsencrypt/live
sources: