Skip to content

Instantly share code, notes, and snippets.

@viper25
Last active October 21, 2021 07:44
Show Gist options
  • Save viper25/4e980e00acf7d915f2eaf28352fbcad4 to your computer and use it in GitHub Desktop.
Save viper25/4e980e00acf7d915f2eaf28352fbcad4 to your computer and use it in GitHub Desktop.
LetsEncrypt

NGIX Config

Check NGIX config

sudo nano /etc/nginx/sites-available/default

Ensure server_name points to the proper DNS name

server_name server.example.com

Install Certbot

Follow instructions at https://certbot.eff.org/lets-encrypt/ubuntufocal-nginx

stosc@auction01:/etc/nginx/sites-enabled$  sudo certbot --nginx
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: harvest.stosc.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Requesting a certificate for harvest.stosc.com

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/harvest.example.com/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/harvest.example.com/privkey.pem
This certificate expires on 2022-01-02.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

Deploying certificate
Successfully deployed certificate for harvest.stosc.com to /etc/nginx/sites-enabled/default
Congratulations! You have successfully enabled HTTPS on https://example.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Certbot Commands

Renew a cert

sudo certbot renew --dry-run

List a cert

sudo certbot certificates

Revoke a cert

sudo certbot revoke --cert-path /etc/letsencrypt/archive/${YOUR_DOMAIN}/cert1.pem --reason keycompromise
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment