Notes about setting up HTTPS on websites using LetEncrypt and certbot

As a note to self, I added SSL/TLS certificates to a couple of websites using LetEncrypt. Here are a couple of notes about the process:

  • Read the LetEncrypt docs
  • They suggest using certbot
  • Read those docs, and follow their instructions for installing the packages you’ll need
  • Make sure your server firewall rules allow port 443 (You may get an “Unable to connect to the server” error message if you forget this part, as I did)
  • After making some backups, run this command as root (or you may be able to use the sudo command):
root> certbot --nginx

Then follow the prompts, mostly to choose domain names.

It looks like auto-renewal should work automatically as there is a /etc/cron.d/certbot entry, but verify that in about 80 days. You can also run this command to see information about the certificates:

root> certbot certificates

See this URL for information about updating, managing, and renewing certificates.

Update: On Ubuntu 20.04, the renewal process seems to work through a timer, which you can find with this command:

systemctl list-timers

When I run that command I see the output for 12 times, including one with the “Unit” name of snap.certbot.renew.timer.

FWIW, all of that didn’t take long, less than an hour, maybe less than half an hour. And then it’s much easier to set up certificates for other subsequent websites.