lets encrypt

free ssl certs for everyone!


with the webroot plugin, it's possible to use letsencrypt with nginx

install certbot:

add this to /etc/apt/sources.list to enable backports:

deb jessie-backports main
apt-get update
apt-get install certbot -t jessie-backports

nginx vhost configs:

 # letsencrypt:
 location ^~ /.well-known/acme-challenge/ {
       # serve the challenge token as plain text, reachable by everyone
       default_type "text/plain";
       allow all;
 }

only adding ^~ /.well-known/ without default_type results in a strange connection error!

run certbot:

you can integrate as many domains in one cert as you like:

certbot certonly --webroot  --agree-tos -w /var/www/example -d -d

Your new cert will be stored in /etc/letsencrypt/live/ - the active one is always in /live/

nginx vhost configs - part 2:

# ssl cert:
ssl_certificate /etc/letsencrypt/live/;
ssl_certificate_key /etc/letsencrypt/live/;
ssl_trusted_certificate /etc/letsencrypt/live/;

automatic renewal:

use a nightly cronjob to renew the certs. nginx will only get reloaded here, if new certs were installed

43 5 * * * root /usr/bin/certbot renew --quiet --post-hook "service nginx reload" # [>> /var/log/le-renew.log ]
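
since the cronjob runs with --quiet, a renewal that keeps failing is easy to miss. the following check is an added example, not part of the original page: it warns when a cert that the nightly job should have replaced is close to expiry. assumptions: certbot keeps one directory per cert under live/ with a PEM file named cert.pem, and the 14-day threshold is a constructed value.

```shell
#!/bin/sh
# Added example (not from the original page): detect a broken renewal job by
# checking how long the certs under certbot's live/ directory remain valid.
# Assumption: one directory per cert under live/, each containing cert.pem.

MIN_DAYS=${MIN_DAYS:-14}   # constructed threshold, well inside certbot's 30-day renewal window

# cert_valid_for FILE DAYS: exit 0 if FILE is still valid DAYS days from now.
cert_valid_for() {
    openssl x509 -checkend "$(( $2 * 86400 ))" -noout -in "$1" >/dev/null 2>&1
}

# check_live_dir DIR [DAYS]: print one status line per cert.
# Returns 0 if all certs are fine, 1 if any is expiring or unreadable,
# 2 if no cert was found at all (wrong path or certbot never ran).
check_live_dir() {
    dir=$1
    days=${2:-$MIN_DAYS}
    status=2
    for cert in "$dir"/*/cert.pem; do
        [ -e "$cert" ] || continue            # glob matched nothing
        if [ "$status" -eq 2 ]; then status=0; fi
        if [ ! -r "$cert" ]; then
            echo "UNREADABLE $cert"
            status=1
        elif cert_valid_for "$cert" "$days"; then
            echo "OK $cert"
        else
            echo "EXPIRING $cert (less than $days days left, renewal is not working)"
            status=1
        fi
    done
    if [ "$status" -eq 2 ]; then echo "NO CERTS under $dir"; fi
    return "$status"
}

# Run the check only when a live directory is given on the command line.
if [ "$#" -gt 0 ]; then
    check_live_dir "$@"
fi
```

run it from cron some time after the renew job, with the live directory as first argument; a non-zero exit status means a cert needs attention.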


linux/webserver/lets_encrypt.txt · Last modified: 2016/09/21 17:10 by tkilla