How to install Letsencrypt Certificates with Certbot in Ubuntu

by Janeth Kent Date: 09-05-2020 ubuntu linux ssl certbot letsencrypt

In this article we will explain how to install, manage and configure the SSL Security certificate, Let's Encypt in NGINX server used as proxy. This certificate is free but does not offer any guarantee and has to be renewed every 3 months.
We recommend that users with shell access use the ACME client called Certbot. This can automate the issuance and installation of certificates with zero downtime. It also has expert modes for people who do not want to self-configure. It's easy to use, works on many operating systems, and has great documentation.

Certbot Installation and NGINX configuration

Install Certbot's Nginx package with apt-get.

sudo apt-get install python-certbot-nginx

sudo certbot -i nginx -a webroot -w /var/www/mysite.org -d www.mysite.org

edit the nginx config file for /etc/nginx/sites-available/default.

server {
listen 443 ssl;
server_name mysite.org;
ssl_certificate /etc/letsencrypt/live/mysite.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mysite.org/privkey.pem;
location / {
proxy_pass http://127.0.0.1:80;
proxy_set_header X-Real-IP  $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Port 443;
proxy_set_header Host $host;
}
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}

Nginx reverse proxy with multiple ssl domains

In order to have NGINX resolve multiple domain names to independent proxies, you will need to setup a server block for each domain that you are using

server {
        listen 443 ssl;

        server_name www.site1.com;
    	ssl_certificate /etc/letsencrypt/live/www.site1.com/fullchain.pem; # managed by Certbot
    	ssl_certificate_key /etc/letsencrypt/live/www.site1.com/privkey.pem; # managed by Certbot


        location / {
            proxy_pass http://127.0.0.1:80;
            proxy_set_header X-Real-IP  $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;
            proxy_set_header X-Forwarded-Port 443;
            proxy_set_header Host $host;
        }
        
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

}

server {
        listen 443 ssl;

        server_name admin.site2.com;
    	ssl_certificate /etc/letsencrypt/live/admin.site2.com/fullchain.pem; # managed by Certbot
    	ssl_certificate_key /etc/letsencrypt/live/admin.site2.com/privkey.pem; # managed by Certbot

        location / {
            proxy_pass http://127.0.0.1:80;
            proxy_set_header X-Real-IP  $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;
            proxy_set_header X-Forwarded-Port 443;
            proxy_set_header Host $host;
        }
        
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

}

now you can test the certificates renew

certbot renew --dry-run

Now we want that the certificate renews automatically every 3 months, so we are going to add a cronjob in the server that checks the if the certificates are valid every day.

First Create a file /root/letsencrypt.sh:

#!/bin/bash
systemctl reload nginx

Then make it executable:

chmod +x /root/letsencrypt.sh

Edit cron:

sudo crontab -e

And add the executable to cronjob with the line:

20 3 * * * certbot renew --noninteractive --renew-hook /root/letsencrypt.sh

Command to Delete Certbot Certificate

If you want to delete a certificate of a site, a feature exists to perform the deletion automatically for you. This command will offer an index from which you can select the domain name to delete:

$ sudo certbot delete

Type the index number of the domain name’s certificate you want to delete and press enter. The issued certificate will be then deleted.

by Janeth Kent Date: 09-05-2020 ubuntu linux ssl certbot letsencrypt hits : 8697

How To Use Varnish As A Highly Available Load Balancer On Ubuntu 20.04 With SSL

Load balancing with high availability can be tough to set up. Fortunately, Varnish HTTP Cache server provides a dead simple highly available load balancer that will also work as a…

How to install a Linux partition on a Windows 10 PC

In spite of a past we could say almost confronted, the approach between Windows and Linux is accelerating more and more, drawing a story closer to love than to hate.…

WSL2 is released to run Linux distributions on Windows

If you are reading about this for the first time, the Windows Subsystem for Linux is a kind of virtual machine that allows you to run the Linux terminal on…

Linux For Dummies: Permissions

In the previous articles I made a short introduction to the Unix world and in the following article I have dealt with the basic commands for the file system management. Today we are…

Linux for Dummies: Ubuntu Terminal

I introduced in the previous article, available here, the basic concepts concerning the Linux world. Today we are going to have a look to some basic operations that we can perform…

Linux for Dummies: Introduction

If you have thought about migrating from Windows to a Unix operating system, or Linux specifically there are things you should know. The goal is to give essential information (and…

How to setup Free Let’s Encrypt SSL certificates with ISPConfig 3

Let’s Encrypt is an initiative to provide a better way of enabling encryption on websites. It is open, automated and above all: it offers free SSL certificates. Obtaining SSL certificates was always…

The Best RSS Readers for Ubuntu

Even if most of the tech experts actively claim that RSS (Rich Site Summary) is dead especially after Google Reader was discontinued 5 years ago but it isn’t yet as…

80 Linux Network Monitor Software & Tools for Managing & Monitoring Unix/Linux Systems

It’s hard work monitoring and debugging Linux performance problems, but it’s easier with the right tools at the right time. Finding a Linux Network Monitor tool or Software package for…

How to Set up a Fully Functional Mail Server on Ubuntu 16.04 with iRedMail

Setting up your own mail server from scratch on Linux is complex and tedious, until you meet iRedMail. This tutorial is going to show you how you can easily and…

GIMP 2.10 released: Features 32-bit support, new UI and A Ton Of Improvements

It's been over a half-decade since the GIMP 2.8 stable debut and today marks the long-awaited release of GIMP 2.10, its first major update in six years. And among other…

Setting Up SFTP on Ubuntu 16.04

I recently had a request to setup SFTP for a customer so they could manage a set of files in their environment through an FTP GUI. Being an avid user…

Blog Categories

Latest news from Hi-Tech world

What is a JWT token and how does it work?

JWT tokens are a standard used to create application access tokens, enabling user authentication in web applications. Specifically, it follows the RFC 7519 standard. What is a JWT token A JWT token…

Infinite scrolling with native JavaScript using the Fetch API

I have long wanted to talk about how infinite scroll functionality can be implemented in a list of items that might be on any Web page. Infinite scroll is a technique…

PHP Recursive Backup of MySql Database

Snippet: This script can be used to make backup of your MySql database, you can use the script in conjunction with cronjobs $user = 'myuser'; $passwd = 'mypass'; $host = 'myhost'; $db = 'mydb'; //…

How to include a JavaScript file in another JavaScript file

Some time ago we wrote about how to Import one JS file into another in the plain JS, those techniques described were quite old and in the modern era javascript…

10 Best Free Ecommerce Solutions On The Market

As the digital landscape continues to evolve, ecommerce has become an essential part of businesses worldwide. Entrepreneurs, small businesses, and even established enterprises are seeking robust and costeffective solutions to…

Optimizing the Robots.txt file for Google

The Robots.txt file serves to give information to Googlebot and other robots that crawl the Internet about the pages and files that should be indexed on our website. Although it…

Use the SRCSET attribute to improve your SEO

There is a new standard HTML attribute that can be used in conjunction with IMG called SRCSET. It is new and important as it allows webmasters to display different images…

How to generate an SSH key and add it to GitHub

In this short tutorial we are going to see how you can generate a new SSH key and add it to GitHub, so you can access your private repositories and…

How to securely access the Dark Web in 15 steps. Second part

Let's continue with the 2nd part of our article in which we try to give you some advice on how to safely and securely explore the dark web. Let's restart from…

How to securely access the Dark Web in 15 steps. First part

The dark web can be a pretty dangerous place if you don't take the right precautions. You can stay relatively safe with a good antivirus and a decent VPN. However,…

How the Internet has Influenced Businesses

The internet has transformed the way that people live their lives. You can access a wealth of knowledge from a device that fits in your hand. Yes, it’s used for…

How to recognise cyber-violence

Cyber-violence, i.e. the digital dimension of violence that mainly affects women and is closely linked to the violence that occurs in the 'real world', is a growing phenomenon that is…

The demise of Third-Party Cookies could decrease marketing effectiveness by up to 30%

In recent years, the digital advertising industry has been undergoing significant transformations. One of the most impactful changes is the impending demise of third-party cookies, which could potentially diminish marketing…

Transitioning from a Home Office to a Virtual Office

The traditional concept of the office has undergone a substantial transformation in recent years. With advancements in technology and changes in work culture, more professionals are embracing remote work options,…

The Best Free SSH Tabbed Terminal Clients for Windows

PuTTy is an emulator for the terminal. It allows you to log into another computer that can be on the same network or accessed via the internet. The basic program…

How to write our own Privacy Policy

In this article we will talk about Privacy Policy statements, how you can write one and implement it on your page. Why did it pop up? These days when we browse on…

Why businesses need to be familiar with APIs

APIs serve as intermediaries between software, allowing them to communicate with each other and perform various functions like data sharing or processing. APIs provide the protocols, definitions, tools, and other…

Examine the 10 key PHP functions I use frequently

PHP never ceases to surprise me with its built-in capabilities. These are a few of the functions I find most fascinating. 1. Levenshtein This function uses the Levenshtein algorithm to calculate the…

How to Write an Amazon Listing That Converts

If you are one of the 2.5 million sellers on Amazon, you’ll know that the platform has incredible potential for profits. However you’ll also know the competition is fierce and…

Alternative tools for graphic design

There are many people today who only use the following for design purposes Canva as it is a really popular software and website and there is no denying that it…

Donate Bitcoins

Help us survive and sustain ourselves to allow us to write interesting articles and content for free for you.

Click in the bitcoin logo or scan the code with your wallet app in your mobile phone

projects

Social

Ma-No Web Design and Development

How to install Letsencrypt Certificates with Certbot in Ubuntu

Certbot Installation and NGINX configuration

Nginx reverse proxy with multiple ssl domains

Command to Delete Certbot Certificate

Related Posts