This script set helps you renew your certificate from Let's Encrypt.
Suppose you have a domain `example.com`.
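- Generate a private key

  ```
  mkdir -p /etc/letsencrypt
  openssl genrsa 2048 > /etc/letsencrypt/example.com.key
  ```

  The shell redirect creates the key file with the default permissions your umask allows, so make sure only root can read it.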
- Install script set
  - Copy `renew` in this gist to `/etc/letsencrypt/`
  - Copy `letsencrypt@.timer` and `letsencrypt.service` in this gist to `/etc/systemd/system`
  - Copy
- Write an OpenSSL certificate request configuration

  See `example.com.cnf` as an example.
- Configure your web server

  Let's Encrypt will access `http://example.com/.well-known/xxxxxxxx` to do domain verification. Configure your web server so that such a request is answered with the file `/var/www/letsencrypt/webroot/xxxxxxxx`; see `nginx.conf` of this gist as an example.
- Enable the systemd timer

  Execute the following command to get your certificate:

  ```
  systemctl start letsencrypt@example.com.service
  ```

  Execute the following command to let systemd run the above command once a month:

  ```
  systemctl enable letsencrypt@example.com.timer
  ```
Your certificates will be put at `/var/www/certificates/example.com/`, which is a link to `/var/www/archieves/example.com-YYYY-MM-dd`; all certificates are archived. Once your certificates are renewed, the symbolic link `/var/www/certificates/example.com/` will be updated.
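
The archive-and-relink layout described above can be switched atomically, so a web server reloading during a renewal never finds a missing path. This is an added example, not the gist's `renew` script; the function name `publish_cert`, its `ROOT` argument (standing in for `/var/www`) and the optional date argument are assumptions.

```shell
#!/bin/sh
# Added example, not the gist's renew script.
# publish_cert ROOT DOMAIN NEW_CERT [DATE]
#   ROOT      stands in for /var/www (an argument so it can be tried in a scratch dir)
#   NEW_CERT  path to a freshly issued certificate file
#   DATE      YYYY-MM-dd, defaults to today
publish_cert() {
    root=$1
    domain=$2
    new_cert=$3
    stamp=${4:-$(date +%Y-%m-%d)}
    archive="$root/archieves/$domain-$stamp"   # directory name as spelled on this page
    link="$root/certificates/$domain"

    # Refuse to publish a missing or empty file; the current link stays live.
    [ -s "$new_cert" ] || { echo "no certificate at $new_cert" >&2; return 1; }

    mkdir -p "$archive" "$root/certificates" || return 1
    cp "$new_cert" "$archive/" || return 1

    # Create the new link under a temporary name, then rename it over the
    # old one. rename(2) is atomic, so readers see either the previous
    # archive or the new one, never a dangling or absent path.
    # mv -T (GNU coreutils) stops mv from descending into the old target.
    tmp="$link.tmp.$$"
    ln -s "$archive" "$tmp" || return 1
    mv -T "$tmp" "$link" || { rm -f "$tmp"; return 1; }
}
```

Older dated directories are left in place, so pointing the link back at a previous archive is a single `ln -s` plus `mv -T`.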