#1 Installing Letsencrypt Certbot on ubuntu
#a.Updating existing Packages & Adding Repository
run this command
sudo apt-get update && sudo add-apt-repository ppa:certbot/certbot
#2. Installing Nginx Plugin for Letsencrypt certbot
run below command to update the newly added repository
sudo apt-get update
and this command to install ppa nginx
sudo apt-get install -y python-certbot-nginx
#3 Configuring lets encrypt for ACME challenges (Imp)
Many Ways to do this. but i used this method for issuing all domains in server.
#a. Create a Directory & a Letsencrypt conf file
if snippets Directory not exists create it by
mkdir /etc/nginx/snippets/
nano /etc/nginx/snippets/letsencrypt.conf
#b. Make a Directory for ACME Challenges by letsencrypt
#C Including Snippets.conf in nginx.conf or Sererblock
#4 Automatically issuing Letsencrypt SSL Certificates with nginx Plugin
a. Run Below COmmand It will list all all Domains Available in the Server
IMP auto
sudo certbot –nginx
sudo certbot --nginx
//auto configuration by letsencrypt to server block
sudo certbot –nginx certonly
// need to add config files manually
NOTE: turnoff cloudflare DNS while renewing or issuing certificate with dns
b. Select the Number of Domains , multiple or single (Separated by comma or Space) then hit enter
Letsencrypt
automatically Adds SSL Configuration in to Website Server blocks.
Renewing SSL Certificate
renewal by default automatic
To renew all domains
sudo certbot renew
To view all domains for renewals
sudo certbot renew –dry-run
renew single Domain
certbot renew –cert-name Domain.com
Renewing letsencrypt with cloudflare DNS
Cloudflare should be turnoff yellow to grey or enable development mode.
Migration of ssl Letsencrypt Certificates Won’t works
i tried 2-3 times, by Copying /etc/letsencrypt/Live / Certificates
but it won’t works.
change email letsencrypt
certbot update_account –email yourname+1@example.com
Uninstalling Deleting Letsencrypt ssl
Manually by removing
or Cert bot command
after the command you have to manually remove the code in server block.
listen 443 ssl http2;
ssl_certificate /etc/letsencrypt/live/rajuginni.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/rajuginni.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/rajuginni.com/fullchain.pem;