Last active March 28, 2024 10:35
Let’s Encrypt setup for Apache, NGINX & Node.js

Let's Encrypt

Examples of getting certificates from Let's Encrypt working on Apache, NGINX and Node.js servers.

Obtain certificates

I chose to use the manual method, where you have to make a file available to verify you own the domain. Follow the instructions printed by running:

git clone
cd letsencrypt
./letsencrypt-auto certonly --manual --email -d

This creates a directory: /etc/letsencrypt/live/ containing certificate files:

  • cert.pem
  • chain.pem
  • fullchain.pem
  • privkey.pem


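Node.js

var https = require('https');
var fs = require('fs');

// TLS material from the Let's Encrypt directory created above
var options = {
  key: fs.readFileSync('/etc/letsencrypt/live/'),   // private key
  cert: fs.readFileSync('/etc/letsencrypt/live/'),  // server certificate
  ca: fs.readFileSync('/etc/letsencrypt/live/')     // intermediate chain
};

https.createServer(options, function (req, res) {
  res.end("hello world\n");
}).listen(443); // port is an assumption: 443 is the HTTPS default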


Apache

LoadModule ssl_module libexec/apache2/
Listen 443
<VirtualHost *:443>
  SSLEngine on
  SSLCertificateFile "/etc/letsencrypt/live/"
  SSLCertificateKeyFile "/etc/letsencrypt/live/"
  SSLCertificateChainFile "/etc/letsencrypt/live/"
</VirtualHost>


NGINX

server {
    listen              443 ssl;
    ssl_certificate     /etc/letsencrypt/live/;
    ssl_certificate_key /etc/letsencrypt/live/;
}
Copy link

For nginx, add
ssl_trusted_certificate /etc/letsencrypt/live/

or you'll get validation errors on some Android browsers.

Copy link

Hello, does it work for all website versions? www and non-www versions?

It didn't work for my website. I have added

server {
    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/;
    ssl_certificate_key /etc/letsencrypt/live/;
}

but it doesn't work for my www version.

Could you give me a little hand with it? :)

Copy link

Magiccamera commented Jun 1, 2017

I just switched from nginx to apache under direction from my boss (I cringed at the notion... but was easier done than said). Apparently it's straightforward to update your letsencrypt.

To prepare Apache properly for SSL, follow this tutorial for CentOS 7 here:
The tutorial feels vague, but there are just a couple of relevant parts you need to do beforehand. I did it ass backwards until I realised I was a total numpty.

Create your vhosts for port 80 for all your domains, start your server and then run sudo certbot --apache and follow the questions. Letsencrypt creates your ssl conf files for you wherever they may reside, such as in /etc/httpd/sites-enabled. It even injects a redirect to your VirtualHost *80 files. So you need to keep those enabled.

Copy link

I installed letsencrypt for nodejs; when I execute node index.js:

      c.context.setKey(options.key, options.passphrase);

Error: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
    at Error (native)
    at Object.createSecureContext (_tls_common.js:85:17)
    at Server (_tls_wrap.js:776:25)
    at new Server (https.js:26:14)
    at Object.exports.createServer (https.js:47:10)
    at Object.<anonymous> (/home/sites/api-ten2go/index.js:16:7)
    at Module._compile (module.js:570:32)
    at Object.Module._extensions..js (module.js:579:10)
    at Module.load (module.js:487:32)
    at tryModuleLoad (module.js:446:12)

Copy link

For two weeks I'd banged my head on the interwebs to figure out why Internet Explorer 11 was rejecting the connection to the websocket I had attached to the https server. It was Avast Antivirus blocking it! Only happened in IE11.

Then by chance I realised I wasn't loading the "ca" file on the https options....

Thanks to your post, I know which file I should use for the "ca", since letsencrypt also has a "fullchain" cert.

Copy link

ngoma84 commented Apr 3, 2018

For Node.js, in case you get a permission denied error:
sudo chmod 755 /etc/letsencrypt/live/
sudo chmod 755 /etc/letsencrypt/archive/
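
Added example, not part of the gist or of any comment on it: a check of who else can read privkey.pem after the modes on live/ and archive/ are changed so that a non-root Node.js process can open it. The directory tree is constructed under a temporary directory; the domain example.test and the function names are assumptions.

```javascript
// Added example, not from the gist. example.test and all function names are
// assumptions; the tree is constructed under a temp directory.
const fs = require('fs');
const os = require('os');
const path = require('path');

// True if any local user can read keyPath going by classic mode bits (ACLs are
// ignored): every directory between base and the resolved file needs o+x and
// the file needs o+r. The symlink in live/ is resolved first, because the
// target in archive/ can be opened directly without passing through live/.
function worldReadable(base, keyPath) {
  const realBase = fs.realpathSync(base);
  const real = fs.realpathSync(keyPath);
  const parts = path.relative(realBase, real).split(path.sep);
  let cur = realBase;
  for (const part of parts.slice(0, -1)) {
    cur = path.join(cur, part);
    if ((fs.statSync(cur).mode & 0o001) === 0) return false; // not traversable
  }
  return (fs.statSync(real).mode & 0o004) !== 0;
}

// Build a constructed live/ + archive/ layout, apply the given modes, and
// return the verdict for live/example.test/privkey.pem.
function check(topDirMode, keyMode) {
  const base = fs.mkdtempSync(path.join(os.tmpdir(), 'le-demo-'));
  try {
    const arch = path.join(base, 'archive', 'example.test');
    const live = path.join(base, 'live', 'example.test');
    for (const d of [arch, live]) {
      fs.mkdirSync(d, { recursive: true });
      fs.chmodSync(d, 0o755);
    }
    const target = path.join(arch, 'privkey1.pem');
    fs.writeFileSync(target, 'constructed placeholder, not a key\n');
    fs.chmodSync(target, keyMode);
    const link = path.join(live, 'privkey.pem');
    fs.symlinkSync('../../archive/example.test/privkey1.pem', link);
    for (const d of ['archive', 'live']) fs.chmodSync(path.join(base, d), topDirMode);
    return worldReadable(base, link);
  } finally {
    fs.rmSync(base, { recursive: true, force: true });
  }
}

console.log('dirs 0700, key 0644:', check(0o700, 0o644)); // false
console.log('dirs 0755, key 0644:', check(0o755, 0o644)); // true
console.log('dirs 0755, key 0600:', check(0o755, 0o600)); // false
```

A true result means every local account can read the key; the file mode on the key itself is then the only remaining barrier, so it is the value to inspect after any change to the directory modes.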

Copy link

FYI: The Python implementation of "letsencrypt" is now "certbot" and the node.js implementation is now Greenlock for Web Servers and Greenlock for API Integrations
