As a note to self, I added SSL/TLS certificates to a couple of websites using Let's Encrypt. Here are a couple of notes about the process:
- Read the Let's Encrypt docs
- They suggest using certbot
- Read those docs, and follow their instructions for installing the packages you’ll need
- Make sure your server firewall rules allow port 443 (You may get an “Unable to connect to the server” error message if you forget this part, as I did)
- After making some backups, run this command as root (or you may be able to use the sudo command):
root> certbot --nginx
Then follow the prompts, mostly to choose domain names.
It looks like auto-renewal should work automatically as there is a /etc/cron.d/certbot entry, but verify that in about 80 days. You can also run this command to see information about the certificates:
root> certbot certificates
See this URL for information about updating, managing, and renewing certificates.
Update: On Ubuntu 20.04, the renewal process seems to work through a timer, which you can find with this command:
systemctl list-timers
When I run that command I see the output for 12 timers, including one with the “Unit” name of snap.certbot.renew.timer.
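One way to script the "verify that in about 80 days" check, as an added example that is not part of the original notes: it reads the output of the two commands above and flags certificates that should already have been renewed. The function names, the sample data (constructed) and the 30-day threshold (certbot's default renewal window, taken as an assumption here) are not from the original page.

```shell
#!/bin/sh
# Added example. Assumption: certbot renews once fewer than 30 days remain,
# so a certificate below that value means scheduled renewal is not running.
RENEW_THRESHOLD_DAYS=30

# Reads `certbot certificates` output on stdin. Prints "name days" for each
# certificate under the threshold (optional $1) and "name INVALID" otherwise.
stale_certs() {
    awk -v limit="${1:-$RENEW_THRESHOLD_DAYS}" '
        /Certificate Name:/ { name = $3 }
        /Expiry Date:/ {
            if ($0 ~ /INVALID/) {
                print name, "INVALID"
            } else if (match($0, /VALID: [0-9]+ day/)) {
                days = substr($0, RSTART + 7, RLENGTH - 11) + 0
                if (days < limit) print name, days
            } else {
                print name, 0   # no day count shown: treat as under one day
            }
        }'
}

# Reads `systemctl list-timers` output on stdin; succeeds if a certbot timer
# such as snap.certbot.renew.timer is listed.
has_renew_timer() {
    grep -Eq 'certbot[^[:space:]]*\.timer'
}

# Constructed sample data so the script runs without certbot installed.
sample_certs() {
cat <<'EOF'
  Certificate Name: www.example.com
    Expiry Date: 2024-06-01 10:00:00+00:00 (VALID: 89 days)
  Certificate Name: blog.example.org
    Expiry Date: 2024-03-16 10:00:00+00:00 (VALID: 12 days)
  Certificate Name: old.example.net
    Expiry Date: 2024-01-02 10:00:00+00:00 (INVALID: EXPIRED)
EOF
}
sample_timers() {
cat <<'EOF'
NEXT                        LEFT    UNIT                     ACTIVATES
Mon 2024-03-04 09:13:00 UTC 5h left snap.certbot.renew.timer snap.certbot.renew.service
EOF
}

# On a real server:  certbot certificates | stale_certs
#                    systemctl list-timers | has_renew_timer
sample_certs | stale_certs
sample_timers | has_renew_timer && echo "renewal timer present"
```

If a certificate is flagged, `certbot renew --dry-run` exercises the renewal path without replacing the installed certificate.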
FWIW, all of that didn’t take long, less than an hour, maybe less than half an hour. And then it’s much easier to set up certificates for other subsequent websites.