Adding Letsencrypt To Website

19 May 2019

I love letsencrypt, but I don’t deploy servers often enough to commit this to memory, but I do create a lot of public-facing websites!

Quick steps to get up and running:

  1. Install, you only have to do this once per host. In this case, I’m using nginx:

    sudo yum install certbot python2-certbot-nginx

    but it’ll work for Apache, too. Just substitute nginx for apache in the above command.

  2. Add your certificate

    sudo certbot --nginx certonly -d chrisjones.dev

  3. Configure nginx to host your server in /etc/nginx/conf.d/chrisjones-dev.conf:

     server {
       if ($host = www.chrisjones.dev) {
         return 301 https://chrisjones.dev$request_uri;
       }
    
       server_name chrisjones.dev;
       root /srv/chrisjones.dev;
    
       listen 443 ssl;
       ssl_certificate /etc/letsencrypt/live/chrisjones.dev/fullchain.pem; 
       ssl_certificate_key /etc/letsencrypt/live/chrisjones.dev/privkey.pem;
       include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
       ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
     }
    
     server {
       if ($host = www.chrisjones.dev) {
         return 301 https://chrisjones.dev$request_uri;
       }
    
       if ($host = chrisjones.dev) {
         return 301 https://$host$request_uri;
       } 
    
       listen 80;
       server_name chrisjones.dev;
       return 404;
     }
    
  4. Start or Reload nginx

  5. Lastly, setup auto-renewal. Again, you only have to do this once per server in cron:

    # crontab -e
    
    15 3 * * * /usr/bin/certbot renew --quiet
    

That’ll quickly get you up and running with renewable certs from LetsEncrypt!

Tags: devops

Published on 19 May 2019 Find me on LinkedIn!