letsencrypt - automated free SSL certificates

Login as root

sudo su

Download

git clone git@github.com:letsencrypt/letsencrypt.git

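Set up authentication (the webroot authenticator writes its challenge files under `<webroot-path>/.well-known`, and nginx has to serve that directory for every domain being validated)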

nginx
server {
  # NOTE(review): `listen 443;` carries no `ssl` parameter, so TLS is active
  # only if one of the elided directives below turns it on — confirm.
  listen 443;
  # Chain and private key under /etc/letsencrypt/live/, in the directory named
  # after sub1.site1.com (the first domain in the site config). The private key
  # should stay readable by root only.
  ssl_certificate /etc/letsencrypt/live/sub1.site1.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/sub1.site1.com/privkey.pem;
  ...
  # Serves the webroot authenticator's challenge files. This path has to stay
  # in step with `webroot-path` in the site .ini (/tmp -> /tmp/.well-known).
  # NOTE(review): /tmp is world-writable, so any local account can place
  # content that nginx serves from this origin, including under the path used
  # to prove control of the domain. A dedicated root-owned directory, used for
  # both this alias and webroot-path, avoids that.
  # NOTE(review): the challenge location is only shown in the 443 server; check
  # that plain-HTTP requests for /.well-known reach it (directly or by
  # redirect), since HTTP validation starts on port 80.
  location /.well-known {
    alias /tmp/.well-known;
  }
}

Create site configs

site<n>.ini

# Size in bits of the RSA key generated for the certificate.
rsa-key-size = 4096
# Account contact address (shown obfuscated on this page; use your own).
email = [email protected]
# Every name listed here is requested on the same certificate.
domains = sub1.site1.com, sub2.site1.com
# Accept the terms of service without prompting, so the run can be unattended.
agree-tos = true
# Choose "renew" automatically instead of asking when a certificate for these
# names already exists; needed for a non-interactive cron run.
renew-by-default = true

# Prove control of the domains by writing challenge files under
# <webroot-path>/.well-known, which the web server must serve.
authenticator = webroot
# NOTE(review): /tmp is world-writable and shared by every local account. The
# client runs as root and writes here, and nginx publishes /tmp/.well-known.
# A dedicated root-owned directory (changed here and in the nginx alias
# together) keeps other local users out of the validation path.
webroot-path = /tmp

Create crontab script

renew-certs.sh

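#!/bin/bash
# Renew the Let's Encrypt certificates for each site config, then reload nginx
# so it picks up the renewed files. Intended to run from root's crontab.
#
# Exit status: 0 when every renewal, the nginx config test and the reload
# succeed; 1 otherwise, so that a failed renewal is visible to whatever
# watches the cron job instead of passing silently until a certificate expires.
set -u

# The config and client paths below are built from $HOME; pin it so the script
# resolves the same files from cron as from an interactive root shell.
HOME=/root
LETSENCRYPT="$HOME/letsencrypt/letsencrypt-auto"
NGINX=/etc/nginx/sbin/nginx

status=0

# Try every site even when an earlier one fails: one broken config should not
# stop the remaining certificates from being renewed.
for site_config in "$HOME/site1.ini" "$HOME/site2.ini"; do
  if ! "$LETSENCRYPT" certonly --config "$site_config"; then
    printf 'renew-certs: renewal failed for %s\n' "$site_config" >&2
    status=1
  fi
done

# Test the configuration first (-q keeps a successful test silent) and only
# then signal the reload; a failure of either step is reported.
if "$NGINX" -t -q; then
  if ! "$NGINX" -s reload; then
    printf 'renew-certs: nginx reload failed\n' >&2
    status=1
  fi
else
  printf 'renew-certs: nginx config test failed, reload skipped\n' >&2
  status=1
fi

exit "$status"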

Setup crontab

crontab -e

# Renew certificates at 00:00 on the 1st of Jan, Mar, May, Jul, Sep and Nov.
# NOTE(review): Let's Encrypt certificates are valid for 90 days, so with a
# two-month interval a single failed run lets a certificate expire before the
# next attempt. Make sure failures of this job are noticed (cron mail or
# monitoring), or run it more often.
0 0 1 1,3,5,7,9,11 * /root/renew-certs.sh