Let’s Encrypt, an initiative of the EFF, Mozilla, and many other organizations, offers free certificates through Certbot. Certbot is designed to run directly on a web server, normally by a system administrator, because it is able to automatically generate Let’s Encrypt SSL certificates for any web server or web application. Most well-known web servers, like Apache and Nginx, can be directly configured using standard plugins, while others are supported using a generic mode that\u2019s compatible with the majority of web applications.<\/p>\n\n\n\n
If you run either Apache or Nginx, you can work with the -apache or -nginx switch to automate your Let’s Encrypt generation, renewal, and installation process.<\/p>\n\n\n\n
If you have a web server that requires you to work in a generic mode, you can use the -webroot switch to complete the same automatic renewal process. If you can\u2019t access your web server\u2019s root file system, an alternative method is to use certbot-auto\u2019s web server, accessed by the -standalone switch, to produce the certificates.<\/p>\n\n\n\n
Note: Let\u2019s Encrypt issues short-lived certificaticates that last 90 days, make sure that you or the sysadmin set aside time to renew your certificates every three months. Most Certbot installations come out of the box with automatic renewal set up.<\/p>\n\n\n\n
You can set up a scheduled task to automatically renew your certificates in the background by following these instructions:<\/p>\n\n\n\n
Note: For these instruction to set up Certbot to automate your SSL certificate generation process, you have to confirm that you\u2019re running it on the production box of the web application. The DNS has to be set up for the production box to run correctly and the automated generation process is based on this set up.<\/p>\n\n\n\n
SLEEPTIME=$(awk ‘BEGIN{srand(); print int(rand()*(3600+1))}’); echo “0 0,12 * * * root sleep $SLEEPTIME && certbot renew -q” | sudo tee -a \/etc\/crontab > \/dev\/null<\/p>\n<\/div>\n<\/div>\n<\/div><\/div>\n\n\n\n
Note: If you need to stop your web server to run Certbot, you should add pre and post hooks to automatically stop and start your web server during this process.<\/p>\n\n\n\n