Created
July 7, 2022 09:42
-
-
Save taufiqpsumarna/8677e2a663b352444746f1a3632b2444 to your computer and use it in GitHub Desktop.
Cerbot SSL Let's Encrypt nginx
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
### Install Certbot and it’s Nginx plugin with apt: | |
sudo apt install certbot python3-certbot-nginx | |
### To check, open the configuration file for your domain using nano or your favorite text editor: | |
sudo nano /etc/nginx/sites-available/example.com | |
### Obtaining an SSL Certificate | |
sudo certbot --nginx -d example.com -d www.example.com | |
This runs certbot with the --nginx plugin, using -d to specify the domain names we’d like the certificate to be valid for. | |
### Verifying Certbot Auto-Renewal | |
Let’s Encrypt’s certificates are only valid for ninety days. This is to encourage users to automate their certificate renewal process. The certbot package we installed takes care of this for us by adding a systemd timer that will run twice a day and automatically renew any certificate that’s within thirty days of expiration. | |
You can query the status of the timer with systemctl: | |
sudo systemctl status certbot.timer | |
To test the renewal process, you can do a dry run with certbot: | |
sudo certbot renew --dry-run |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment