As a note to self, I added SSL/TLS certificates to a couple of websites using Let's Encrypt. Here are a couple of notes about the process:
- Read the Let's Encrypt docs
- They suggest using certbot
- Read those docs, and follow their instructions for installing the packages you’ll need
- Make sure your server firewall rules allow port 443 (You may get an “Unable to connect to the server” error message if you forget this part, as I did)
- After making some backups, run this command as root:
root> certbot --nginx
Then follow the prompts, mostly to choose domain names.
It looks like auto-renewal should work automatically as there is a /etc/cron.d/certbot entry, but verify that in about 80 days. You can also run this command to see information about the certificates:
root> certbot certificates
See this URL for information about updating, managing, and renewing certificates.
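The renewal check described above can be scripted instead of eyeballed. The following is an added example, not part of the original notes: it reads `certbot certificates` output and flags any certificate that is invalid or closer to expiry than auto-renewal should ever allow. The function name `stale_certs`, the 25-day threshold and the sample output are assumptions made for illustration; certbot by default renews once fewer than 30 days remain, so a lower number suggests renewal is failing.

```shell
# Constructed sample of `certbot certificates` output (not from a real server).
SAMPLE_OUTPUT='Found the following certs:
  Certificate Name: example.com
    Domains: example.com www.example.com
    Expiry Date: 2030-06-01 10:00:00+00:00 (VALID: 62 days)
    Certificate Path: /etc/letsencrypt/live/example.com/fullchain.pem
  Certificate Name: blog.example.com
    Domains: blog.example.com
    Expiry Date: 2030-04-12 10:00:00+00:00 (VALID: 12 days)
    Certificate Path: /etc/letsencrypt/live/blog.example.com/fullchain.pem
  Certificate Name: old.example.com
    Domains: old.example.com
    Expiry Date: 2029-12-01 10:00:00+00:00 (INVALID: EXPIRED)
    Certificate Path: /etc/letsencrypt/live/old.example.com/fullchain.pem'

# stale_certs [MIN_DAYS]: read `certbot certificates` output on stdin and
# print every certificate that is invalid or has fewer than MIN_DAYS left.
# Returns 1 if anything was flagged, so cron or monitoring can alert on it.
# MIN_DAYS defaults to 25 (assumed threshold, below certbot's 30-day renewal window).
stale_certs() {
    awk -v min="${1:-25}" '
        /Certificate Name:/ { name = $NF }
        /Expiry Date:/ {
            if (match($0, /INVALID: [A-Z_, ]+/)) {
                # e.g. "INVALID: EXPIRED" or "INVALID: REVOKED"
                print name ": " substr($0, RSTART, RLENGTH); bad = 1
            } else if ($0 ~ /VALID: [0-9]+ hour/) {
                # certbot reports hours once less than a day remains
                print name ": less than one day left"; bad = 1
            } else if (match($0, /VALID: [0-9]+ day/)) {
                # skip the 7 characters of "VALID: " to reach the number
                days = substr($0, RSTART + 7, RLENGTH - 7) + 0
                if (days < min) { print name ": " days " days left"; bad = 1 }
            }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Demo on the sample; on a server (as root): certbot certificates | stale_certs
printf '%s\n' "$SAMPLE_OUTPUT" | stale_certs 25 || true
```

A healthy server produces no output and exit status 0, so the function can run from cron and only report when renewal has stopped working.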
FWIW, all of that didn’t take long, less than an hour, maybe less than half an hour.