Skip to content

Instantly share code, notes, and snippets.

Created July 5, 2018 20:03
Show Gist options
  • Save BarbaraEster/69d5187ec2546344b87de4c32360c773 to your computer and use it in GitHub Desktop.
Save BarbaraEster/69d5187ec2546344b87de4c32360c773 to your computer and use it in GitHub Desktop.
Please deploy a DNS TXT record under the name with the following value:
Before continuing, verify the record is deployed.
Press Enter to Continue
Waiting for verification...
Cleaning up challenges
- Congratulations! Your certificate and chain have been saved at:
Your key file has been saved at:
Your cert will expire on 2018-10-03. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt:
Donating to EFF:
root@on3w-cool:/# cd /etc/letsencrypt/live/
root@on3w-cool:/etc/letsencrypt/live/ ls
cert.pem chain.pem fullchain.pem privkey.pem README
root@on3w-cool:/etc/letsencrypt/live/ cd /usr/local/bin
root@on3w-cool:/usr/local/bin# wget
--2018-07-05 19:51:39--
Resolving (
Connecting to (||:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 8984 (8.8K) [text/plain]
Saving to: ‘’ 100%[===========================================================================================>] 8.77K --.-KB/s in 0s
2018-07-05 19:51:39 (41.1 MB/s) - ‘’ saved [8984/8984]
root@on3w-cool:/usr/local/bin# sudo chmod a+x
Let's Encrypt is not installed/found. Would you like to continue to install it?
Y or Ny
Get:1 xenial-security InRelease [107 kB]
Hit:2 xenial InRelease
Hit:3 xenial InRelease
Get:4 xenial-updates InRelease [109 kB]
Ign:5 xenial InRelease
Hit:6 xenial Release
Get:8 xenial-backports InRelease [107 kB]
Get:9 xenial-updates/main amd64 Packages [804 kB]
Get:10 xenial-updates/main i386 Packages [733 kB]
Get:11 xenial-updates/universe amd64 Packages [641 kB]
Get:12 xenial-updates/universe i386 Packages [585 kB]
Get:13 xenial-updates/universe Translation-en [258 kB]
Get:14 xenial-updates/multiverse amd64 Packages [16.4 kB]
Get:15 xenial-updates/multiverse i386 Packages [15.5 kB]
Fetched 3,374 kB in 2s (1,559 kB/s)
Reading package lists... Done
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
linux-headers-4.4.0-116 linux-headers-4.4.0-116-generic linux-image-4.4.0-116-generic linux-image-extra-4.4.0-116-generic
Use 'sudo apt autoremove' to remove them.
The following NEW packages will be installed:
0 upgraded, 1 newly installed, 0 to remove and 7 not upgraded.
Need to get 5,546 B of archives.
After this operation, 13.3 kB of additional disk space will be used.
Get:1 xenial/main amd64 letsencrypt all 0.25.0-1+ubuntu16.04.1+certbot+1 [5,546 B]
Fetched 5,546 B in 0s (26.2 kB/s)
Selecting previously unselected package letsencrypt.
(Reading database ... 137132 files and directories currently installed.)
Preparing to unpack .../letsencrypt_0.25.0-1+ubuntu16.04.1+certbot+1_all.deb ...
Unpacking letsencrypt (0.25.0-1+ubuntu16.04.1+certbot+1) ...
Setting up letsencrypt (0.25.0-1+ubuntu16.04.1+certbot+1) ...
Let's Encrypt SSL Certificate Generator
For ServerPilot-managed server instances
Written by Rudy Affandi (2016)
Please enter your app name:
Please enter the System User name for the app:
Please enter all the domain names and sub-domain names
you would like to use, separated by space
Generating SSL certificate for myselfinmylife
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Cert not yet due for renewal
You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/
What would you like to do?
1: Keep the existing certificate for now
2: Renew & replace the cert (limit ~5 per 7 days)
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Keeping the existing certificate
Certificate not yet due for renewal; no action taken.
Creating configuration file /etc/nginx-sp/letsencrypt.d/letsencrypt-acme-challenge.conf for ACME
location ~ /\.well-known\/acme-challenge {
allow all;
location = /.well-known/acme-challenge/ {
return 404;
Creating configuration file for myselfinmylife in the /etc/nginx-sp/vhosts.d
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name ;
ssl on;
# letsencrypt certificates
ssl_certificate /etc/letsencrypt/live/;
ssl_certificate_key /etc/letsencrypt/live/;
#SSL Optimization
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:20m;
ssl_session_tickets off;
# modern configuration
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
# OCSP stapling
ssl_stapling on;
ssl_stapling_verify on;
# verify chain of trust of OCSP response
ssl_trusted_certificate /etc/letsencrypt/live/;
#root directory and logfiles
root /srv/users/serverpilot/apps/myselfinmylife/public;
access_log /srv/users/serverpilot/log/myselfinmylife/myselfinmylife_nginx.access.log main;
error_log /srv/users/serverpilot/log/myselfinmylife/myselfinmylife_nginx.error.log;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-SSL on;
proxy_set_header X-Forwarded-Proto $scheme;
include /etc/nginx-sp/vhosts.d/myselfinmylife.d/*.conf;
include /etc/nginx-sp/letsencrypt.d/*.conf;
We're almost done here. Opening HTTPS Port and Restarting nginx...
Rule added
Rule added (v6)
Your Let's Encrypt SSL certificate has been installed. Please update your .htaccess to force HTTPS on your app
To enable auto-renewal, add the following to your crontab:
0 */12 * * * letsencrypt renew && service nginx-sp reload
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment