Get and install Let’s Encrypt SSL on Nginx Ubuntu 14.04.4 LTS

By | 01/06/2016

Installing LetsEncrypt
First You need to run commands below.

sudo apt-get update
sudo apt-get -y install git bc
sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt


Run this once and complete installation.

/opt/letsencrypt/letsencrypt-auto

Configuring default website for webroot plugin
To use webroot plugin need to edit default website config and change location block. Letsencrypt use this site as validation.

sudo vi /etc/nginx/sites-available/default
location ~ /.well-known 
        {
                allow all;
        }

Reload nginx configuration.

sudo service nginx reload

Then you can request and create your certificate.

Getting Certificate
Following command creates your certifcate files. You need to change webroot-path and domain name with yours. webroot path should be your default website’s home directory.

cd /opt/letsencrypt
./letsencrypt-auto certonly -a webroot --webroot-path=/usr/share/nginx/html -d gokhanacar.net -d www.gokhanacar.net

Follow wizard and complete steps.

After this Letsencrypt creates links of certificate files inĀ /etc/letsencrypt/live/ folder.

Configure Nginx

add following lines to server block of your website configuration file listen 443 and use your ssl files.

    listen 443 ssl;
    server_name gokhanacar.net www.gokhanacar.net;
 
    ssl on;
    ssl_certificate         /etc/letsencrypt/live/gokhanacar.net/cert.pem;
    ssl_certificate_key     /etc/letsencrypt/live/gokhanacar.net/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/gokhanacar.net/chain.pem;

Renewing Certificate

Your certificate will be expire in 3 months. You can renew your certificates. If you want create a crontab and renew your certificates automaticly.

/opt/letsencrypt/letsencrypt-auto renew
sudo service nginx reload