Using ‘certbot’ for SSL Encryption

Let’s Encrypt offers a great service of offering self-signed SSL certificates for your self-hosted websites. Using these certificates are fairly easy, and when you add cron jobs into the mix, you don’t have to worry about completely stopping your web services to renew your certs.

If you don’t have ‘certbot’ installed yet, install through your distribution of choice. Then run the following commands (pay attention to the parts that require your actual information).

$ sudo systemctl stop [INSERT WEBSERVICE HERE]
$ sudo certbot certonly --standalone --email [EMAIL-ADDRESS] -d thebytes.net,www.thebytes.net,[ALL OTHER SUBDOMAINS]

If all goes according to plan, then all of your certificates will be generated under the first name in the run. You will get a congratulations message and you can check if they exist by looking in /etc/letsencrypt/live/ for a folder named after the site.

The last thing you need to do is create a small script that your cron jobs can execute to automatically update the certificates. I created a file in the monthly cron folder for this exact requirement.

$ sudo nano /etc/cron.monthly/update-certbot
$ sudo nano /etc/cron.monthly/update-certbot
$ sudo chmod +x /etc/cron.monthly/update-certbot

#!/bin/bash
certbot renew --force-renew

Save the file with the above lines, and restart your web service. Your certbot SSL certificates will now renew monthly.

no responses for Using ‘certbot’ for SSL Encryption

    Leave a Reply

    Your email address will not be published. Required fields are marked *