letsencrypt - automated free SSL certificates
Log in as root
sudo su
Download
# Run this from /root: renew-certs.sh below expects the checkout at
# /root/letsencrypt. The SSH-style URL needs a GitHub SSH key available to root.
# The checkout is later executed as root, so keep the directory writable by root only.
git clone git@github.com:letsencrypt/letsencrypt.git
Setup authentication
nginx
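server {
    # `ssl` turns TLS on for this socket. A bare `listen 443;` only speaks TLS
    # when the older `ssl on;` directive is set in the elided part below.
    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/sub1.site1.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/sub1.site1.com/privkey.pem;
    ...
    # Serves the ACME HTTP-01 challenge files that the webroot authenticator
    # writes under <webroot-path>/.well-known (webroot-path is /tmp in the
    # site .ini).
    # NOTE(review): HTTP-01 validation starts on port 80, so the port-80 server
    # block (not shown here) must serve this path or redirect it to HTTPS.
    # NOTE(review): /tmp is world-writable, so any local account can create or
    # populate /tmp/.well-known and nginx will serve that content under this
    # hostname, including answers to ACME challenges. Prefer a dedicated
    # directory owned by root and change webroot-path in the site .ini to match.
    location /.well-known {
        alias /tmp/.well-known;
    }
}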
Create site configs
site<n>.ini
# RSA key length, in bits, for the certificate's private key.
rsa-key-size = 4096
# Contact address for the Let's Encrypt account (placeholder value).
email = me@mydomain.com
# All names listed here are requested on one certificate. The nginx config
# reads it from /etc/letsencrypt/live/sub1.site1.com, i.e. the first name.
domains = sub1.site1.com, sub2.site1.com
# Accept the subscriber agreement without prompting (needed for cron runs).
agree-tos = true
# Re-issue on every run instead of asking whether to keep the existing cert.
renew-by-default = true
# Prove control of the domains by writing challenge files into a directory
# that the web server already serves.
authenticator = webroot
# Challenge files are written under /tmp/.well-known, matching the nginx alias.
# NOTE(review): /tmp is world-writable; a dedicated root-owned directory is
# safer. If this path changes, the nginx alias must change with it.
webroot-path = /tmp
Create crontab script
renew-certs.sh
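#!/bin/bash
# Renew the Let's Encrypt certificates for every site config, then reload
# nginx so it picks up the new files. Intended to run from root's crontab.
#
# Exit status: 0 when every renewal and the reload succeeded, 1 otherwise,
# so a failed renewal is visible to cron instead of passing silently.

set -u

HOME=/root
LETSENCRYPT="$HOME/letsencrypt/letsencrypt-auto"

status=0

# Attempt every site even when an earlier one fails, but remember the failure.
for config in "$HOME/site1.ini" "$HOME/site2.ini"; do
  if ! "$LETSENCRYPT" certonly --config "$config"; then
    printf 'renew-certs: renewal failed for %s\n' "$config" >&2
    status=1
  fi
done

# Test the configuration first so a broken config is reported clearly
# rather than only surfacing in nginx's error log after the reload signal.
if /etc/nginx/sbin/nginx -t -q; then
  /etc/nginx/sbin/nginx -s reload || status=1
else
  printf 'renew-certs: nginx configuration test failed; not reloading\n' >&2
  status=1
fi

exit "$status"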
Setup crontab
crontab -e
# Renew certificates at 00:00 on the 1st of Jan, Mar, May, Jul, Sep and Nov.
# Let's Encrypt certificates are valid for 90 days, so a run that fails is not
# retried before the certificate expires; make sure the job's output and exit
# status are monitored.
# The script runs as root: it must be executable and writable by root only.
0 0 1 1,3,5,7,9,11 * /root/renew-certs.sh