Getting TLS certs with lets encrypt (certbot) for a Debian 9 (Stretch) Server running Nginx

I needed to get TLS certs with lets encrypt for a Debian 9 (Stretch) with nginx web-server.

It's super easy to get TLS certificates with certbot. Please note that there are several ways to do a ACME verification. Using apache looks similar to using nginx. There's also a standalone server built into certbot should you have no http server running.

# install required packages
sudo apt install certbot python-cerbot-nginx

# get certificates
# use the fqdn (full qualified domain name) of the machine you're running
# this on instead or example.com. Also supply a mail address for
# notifications from lets encrypt instead of hostmaster@example.com
sudo certbot certonly --agree-tos --nginx -d example.com -m hostmaster@example.com

# add cronjob for renewing certs
sudo bash -c '(crontab -l; echo "@daily certbot renew --quiet") | crontab -'

That's it. Go ahead and take a look at your certificates.

sudo ls -l /etc/letsencrypt/live


written by uniq on 2017-08-25