How to Install Letsencrypt Certificates With Certbot in Ubuntu

by Janeth Kent Date: 09-05-2020 ubuntu linux ssl certbot letsencrypt


In this article we explain how to install, configure and manage a Let's Encrypt SSL certificate on an NGINX server used as a proxy. The certificate is free, but it does not offer any guarantee and has to be renewed every 3 months.
We recommend that users with shell access use the ACME client called Certbot. This can automate the issuance and installation of certificates with zero downtime. It also has expert modes for people who do not want to self-configure. It's easy to use, works on many operating systems, and has great documentation.

Certbot Installation and NGINX configuration

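Install Certbot's Nginx package with apt-get, then request a certificate for the domain using the webroot authenticator (-a webroot -w) and the Nginx installer (-i nginx).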

sudo apt-get install python-certbot-nginx
sudo certbot -i nginx -a webroot -w /var/www/mysite.org -d www.mysite.org

Edit the nginx config file /etc/nginx/sites-available/default:

server {
    listen 443 ssl;
    # Certbot names the certificate directory after the first -d domain
    server_name www.mysite.org;
    ssl_certificate /etc/letsencrypt/live/www.mysite.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.mysite.org/privkey.pem;

    location / {
        # Forward the decrypted traffic to the backend listening on port 80
        proxy_pass http://127.0.0.1:80;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Port 443;
        proxy_set_header Host $host;
    }

    # TLSv1 and TLSv1.1 are deprecated; TLSv1.3 needs nginx 1.13.0+ with OpenSSL 1.1.1+
    ssl_protocols TLSv1.2 TLSv1.3;
}

Nginx reverse proxy with multiple ssl domains

To have NGINX route multiple domain names to independent proxies, you need to set up a server block for each domain that you are using, each with its own certificate paths.

server {
    listen 443 ssl;

    server_name www.site1.com;
    ssl_certificate /etc/letsencrypt/live/www.site1.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/www.site1.com/privkey.pem; # managed by Certbot

    location / {
        proxy_pass http://127.0.0.1:80;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Port 443;
        proxy_set_header Host $host;
    }

    # TLSv1 and TLSv1.1 are deprecated; TLSv1.3 needs nginx 1.13.0+ with OpenSSL 1.1.1+
    ssl_protocols TLSv1.2 TLSv1.3;
}

server {
    listen 443 ssl;

    server_name admin.site2.com;
    ssl_certificate /etc/letsencrypt/live/admin.site2.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/admin.site2.com/privkey.pem; # managed by Certbot

    location / {
        proxy_pass http://127.0.0.1:80;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Port 443;
        proxy_set_header Host $host;
    }

    # TLSv1 and TLSv1.1 are deprecated; TLSv1.3 needs nginx 1.13.0+ with OpenSSL 1.1.1+
    ssl_protocols TLSv1.2 TLSv1.3;
}
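
A check for the per-domain layout above, as an added example that is not part of the original article: it reads an nginx configuration and reports any server block whose ssl_certificate path points at a Certbot directory that does not match its server_name, or that still allows TLSv1 or TLSv1.1. The function names and the sample configuration are constructed, and the name-matching rule is a heuristic that assumes one certificate per domain, as in this article.

```shell
#!/bin/sh
# Added example: audit nginx server blocks for certificate/host mismatches
# and deprecated TLS versions. Reads the file given as $1, or stdin.
audit_nginx_tls() {
    awk '
    function report(   n, parts, lineage) {
        if (cert == "") return              # block has no TLS certificate
        n = split(cert, parts, "/")         # .../live/<lineage>/fullchain.pem
        lineage = (n >= 2) ? parts[n - 1] : "(none)"
        if (lineage != name) {
            printf "MISMATCH %s -> lineage %s\n", name, lineage; bad = 1
        }
        if (protos ~ /TLSv1([ \t;]|\.1[ \t;])/) {
            printf "WEAK %s allows TLSv1/TLSv1.1\n", name; bad = 1
        }
    }
    { sub(/#.*/, "") }                      # strip comments
    /^[ \t]*server[ \t]*[{]/ { depth = 1; name = cert = protos = ""; next }
    depth > 0 {
        if ($1 == "server_name")     { name = $2; sub(/;$/, "", name) }
        if ($1 == "ssl_certificate") { cert = $2; sub(/;$/, "", cert) }
        if ($1 == "ssl_protocols")   { protos = $0 }
        depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")   # track nested braces
        if (depth == 0) report()
    }
    END { exit bad + 0 }                    # non-zero exit when anything was flagged
    ' "${1:--}"
}

sample_config() {   # constructed input modelled on the blocks above
    cat <<'EOF'
server {
    listen 443 ssl;
    server_name www.site1.com;
    ssl_certificate /etc/letsencrypt/live/www.site1.com/fullchain.pem; # managed by Certbot
    location / { proxy_pass http://127.0.0.1:80; }
    ssl_protocols TLSv1.2 TLSv1.3;
}
server {
    listen 443 ssl;
    server_name admin.site2.com;
    ssl_certificate /etc/letsencrypt/live/www.site1.com/fullchain.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
EOF
}

sample_config | audit_nginx_tls || echo "fix the findings above, then run: nginx -t"
```

On a real server, pass the site file instead of the sample, for example audit_nginx_tls /etc/nginx/sites-available/default.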

Now you can test the certificate renewal:

certbot renew --dry-run


Now we want the certificate to renew automatically every 3 months, so we are going to add a cron job on the server that checks every day whether the certificates are still valid.

First create the file /root/letsencrypt.sh:

#!/bin/bash
systemctl reload nginx

Then make it executable:

chmod +x /root/letsencrypt.sh


Edit cron:

sudo crontab -e

And add the script to the cron job with the line:

20 3 * * * certbot renew --noninteractive --renew-hook /root/letsencrypt.sh
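
To confirm that the cron job is actually renewing, the following added example (not from the original article) checks every certificate under a Certbot live directory with openssl x509 -checkend. The 21-day threshold is an assumption, chosen because certbot renew replaces certificates that have fewer than 30 days left; the function names and the self-signed sample certificates are constructed.

```shell
#!/bin/sh
# Added example: alert when a Let's Encrypt certificate is close to expiry.
# A certificate with fewer than min_days (assumed default: 21) remaining
# means the daily "certbot renew" cron job has been failing.

# renewal_is_healthy <cert.pem> [min_days] -> exit 0 if valid that long
renewal_is_healthy() {
    cert=$1
    min_days=${2:-21}
    [ -r "$cert" ] || { echo "cannot read $cert" >&2; return 2; }
    # -checkend N exits 0 if the first (leaf) certificate in the file
    # does NOT expire within the next N seconds
    openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null
}

# check_all <live_dir> [min_days]: one status line per certificate directory
check_all() {
    rc=0
    for pem in "$1"/*/fullchain.pem; do
        [ -e "$pem" ] || continue
        lineage=$(basename "$(dirname "$pem")")
        if renewal_is_healthy "$pem" "${2:-21}"; then
            echo "OK $lineage"
        else
            echo "EXPIRING $lineage"; rc=1
        fi
    done
    return $rc
}

# make_sample_cert <out.pem> <days>: constructed self-signed test certificate
make_sample_cert() {
    mkdir -p "$(dirname "$1")"
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" \
        -out "$1" -days "$2" -subj "/CN=constructed.example" 2>/dev/null
}

# Demo on constructed certificates: one fresh, one about to expire
demo=$(mktemp -d)
make_sample_cert "$demo/www.site1.com/fullchain.pem" 90
make_sample_cert "$demo/admin.site2.com/fullchain.pem" 5
check_all "$demo" || echo "renewal needs attention"
rm -rf "$demo"
```

On the server, point check_all at /etc/letsencrypt/live as root and alert on a non-zero exit status.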

Command to Delete Certbot Certificate

If you want to delete a certificate of a site, a feature exists to perform the deletion automatically for you. This command will offer an index from which you can select the domain name to delete:

$ sudo certbot delete

Type the index number of the domain name’s certificate you want to delete and press enter. The issued certificate will be then deleted.

 