Let's Encrypt setup | Free automated SSL certificates
Last update: 2017-12-23

I chose the acme.sh shell script among the available clients because it is simple to install and does not require any extra library.

# 1. install script:
git clone https://github.com/Neilpang/acme.sh.git acme.sh.repo

cd acme.sh.repo

# quote the paths so a $HOME containing spaces does not split the arguments
DIR="$HOME/letsencrypt"
./acme.sh --install                             \
  --home          "$DIR/acme.sh"                \
  --certhome      "$DIR/certs"                  \
  --accountkey    "$DIR/acme.sh/myaccount.key"  \
  --accountconf   "$DIR/acme.sh/myaccount.conf" \
  --accountemail  "xxx@yyy.com"

exit # and reopen a shell

# 2. set autoupdate of the script:
acme.sh --upgrade --auto-upgrade

# 3. run it twice per day on a random minute, set crontab:
#    see: https://certbot.eff.org/#debianwheezy-nginx
10  0 * * * /path_to/acme.sh/acme.sh --cron --home /path_to/acme.sh > /dev/null
20 12 * * * /path_to/acme.sh/acme.sh --cron --home /path_to/acme.sh > /dev/null

# 4. issue a certificate:
acme.sh --issue -d acavalin.com -d www.acavalin.com -w /path_to/webserver_public_root

# 5. install certificate for NGINX (do not manually copy acme.sh files!):
acme.sh --installcert -d acavalin.com \
  --keypath       /path_to/ssl_app.key \
  --fullchainpath /path_to/ssl_app.crt \
  --reloadcmd     "/path_to/server_script.sh restart"

NOTE 1: all commands will update the configuration files present in --home and --certhome.

NOTE 2: issued certificates will be valid for 60 days by default.
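
Once step 5 has run, the deployed key and certificate can be checked before trusting the cron renewal to keep them current. The script below is an added example, not part of the original page or of acme.sh; the function names, the file name check_cert.sh and the 14-day threshold are assumptions, and it needs the openssl command-line tool.

```shell
#!/bin/sh
# Added example: health check for the files deployed by `acme.sh --installcert`.
# Function names and the day threshold are assumptions, not part of acme.sh.

# key_is_private KEY: succeeds when KEY has no group/other permission bits.
key_is_private() {
  [ -f "$1" ] || return 2
  # Columns 5-10 of the ls mode string are the group and other bits.
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# cert_valid_for CERT DAYS: succeeds when CERT is still valid DAYS days from now.
cert_valid_for() {
  [ -f "$1" ] || return 2
  openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# key_matches_cert KEY CERT: succeeds when both files carry the same public key.
# With a fullchain file, openssl reads the first (leaf) certificate.
key_matches_cert() {
  cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
  key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
  [ "$cert_pub" = "$key_pub" ]
}

# check_deployed KEY CERT DAYS: prints each problem, returns non-zero on any.
check_deployed() {
  rc=0
  key_is_private "$1"        || { echo "key missing or readable by group/other: $1"; rc=1; }
  cert_valid_for "$2" "$3"   || { echo "cert missing or expires within $3 days: $2"; rc=1; }
  key_matches_cert "$1" "$2" || { echo "key does not match certificate"; rc=1; }
  return "$rc"
}

# Run as: sh check_cert.sh /path_to/ssl_app.key /path_to/ssl_app.crt 14
if [ "$#" -eq 3 ]; then
  check_deployed "$@"
fi
```

A non-zero exit status from a scheduled run of this check is a signal that renewal or the reload step has stopped working.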


Reference: Let's Encrypt home page and acme.sh