Let's Encrypt Install Steps

install

# apt-get update && apt-get -y install git
# cd /usr/local/src/ && git clone https://github.com/letsencrypt/letsencrypt && cd letsencrypt/
# mkdir -p /usr/local/etc/letsencrypt/ && cp examples/cli.ini /usr/local/etc/letsencrypt/cli.ini
# nano /usr/local/etc/letsencrypt/cli.ini
# ./letsencrypt-auto certonly --config /usr/local/etc/letsencrypt/cli.ini

apache.conf

<VirtualHost *:80>
    ServerName ...
    Redirect permanent / https://.../
</VirtualHost>

<VirtualHost *:443>
    ...
    SSLEngine on
    
    # http://letsencrypt.readthedocs.org/en/latest/using.html#where-are-my-certificates
    # Apache < 2.4.8
    SSLCertificateFile /etc/letsencrypt/live/$server_name/cert.pem # replace $server_name with your host
    # Apache >= 2.4.8
    SSLCertificateFile /etc/letsencrypt/live/$server_name/fullchain.pem # replace $server_name with your host
    
    SSLCertificateKeyFile /etc/letsencrypt/live/$server_name/privkey.pem # replace $server_name with your host
    SSLCertificateChainFile /etc/letsencrypt/live/$server_name/chain.pem # replace $server_name with your host
    ...
</VirtualHost>

crontab

# install: /usr/local/src/letsencrypt/letsencrypt-auto certonly --config /usr/local/etc/letsencrypt/cli.ini
0 3 * * 0 /usr/local/src/letsencrypt/letsencrypt-auto renew --non-interactive && /usr/sbin/service nginx reload

nginx.conf

server {
    ...
    ssl on;
    ssl_certificate /etc/letsencrypt/live/$server_name/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/$server_name/privkey.pem;
    ...
    # letsencrypt acme challenge
    location ~ /.well-known {
        allow all;
    }
    ...
}