It is actually very simple.
1. First things first, you need to install or upgrade your certbot client; it needs to be version 0.22 or later. Alternatively, uninstall the current version and install the new one as shown below:
# wget https://dl.eff.org/certbot-auto
# chmod a+x ./certbot-auto
# sudo ./certbot-auto
2. Generate the certificate using the command below (the wildcard name is quoted so the shell cannot expand it as a glob):
# sudo ./certbot-auto certonly \
    --server https://acme-v02.api.letsencrypt.org/directory \
    --manual --preferred-challenges dns \
    -d '*.domain.com' -d domain.com
Note that you will need to specify both “-d *.domain.com -d domain.com” for the certificate to cover all subdomains as well as the root domain. ACMEv2 is required for wildcard certificates, so the command uses the new URL https://acme-v02.api.letsencrypt.org/directory.
3. Create a validation TXT DNS record for your domain. Follow the wizard; it will ask you to define a TXT DNS record for your domain:
-------------------------------------------------------------------------------
Please deploy a DNS TXT record under the name
_acme-challenge.scm.cloudynerd.us with the following value:

XXXXXXXXX-XXXXXXXXXXXXXX

Before continuing, verify the record is deployed.
-------------------------------------------------------------------------------
Press Enter to Continue
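Before pressing Enter, confirm that the record is already visible from a public resolver, which is what Let's Encrypt will query; a record that only exists in your DNS provider's control panel fails the challenge. The helper below is an added example, not part of the original post; it assumes `dig` is installed and uses 1.1.1.1 as the resolver.

```shell
#!/bin/sh
# Poll public DNS for the _acme-challenge TXT value certbot asked for.
# Assumes `dig` (dnsutils / bind-utils) is available; resolver defaults to 1.1.1.1.

# Return 0 if one of the TXT strings in raw `dig +short TXT` output equals the token.
# $1: dig output (one quoted string per line), $2: expected token.
# Tokens are base64url (may contain - and _), so match a fixed string, not a regex.
txt_has_value() {
    printf '%s\n' "$1" | tr -d '"' | grep -qxF -- "$2"
}

# Query the record from a public resolver, bypassing any local cache.
# $1: record name (e.g. _acme-challenge.domain.com), $2: resolver (optional).
txt_live_values() {
    dig +short @"${2:-1.1.1.1}" TXT "$1"
}

# Retry until the token shows up or we run out of attempts (default 20 x 15 s).
# Note: "*.domain.com" and "domain.com" both validate under the same
# _acme-challenge.domain.com name, so certbot prompts twice; keep BOTH TXT
# values in DNS rather than replacing the first with the second.
wait_for_txt() {
    name="$1"; token="$2"; tries="${3:-20}"; i=0
    while [ "$i" -lt "$tries" ]; do
        if txt_has_value "$(txt_live_values "$name")" "$token"; then
            echo "OK: $name publishes the expected TXT value"
            return 0
        fi
        i=$((i + 1))
        sleep 15
    done
    echo "TIMEOUT: $name does not show the expected value yet; do not press Enter" >&2
    return 1
}

# Usage (replace with the name and value printed by certbot):
# wait_for_txt _acme-challenge.domain.com 'XXXXXXXXX-XXXXXXXXXXXXXX'
```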
4. Once the TXT record is validated, your certificate will be generated and is ready to be used by nginx. Just add these lines to your server block:
listen 443 ssl;   # "ssl on;" is deprecated in current nginx; enable TLS on the listen directive instead
ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
5. Restart your server and you should be good to go.
Don’t forget to set up a crontab entry that renews the certificate before it expires. Add this to your crontab:
# Minute field is 0, not *; otherwise this would run every minute during 03:00 and 15:00.
# "renew" only contacts Let's Encrypt when a certificate is within 30 days of expiry.
0 3,15 * * * /opt/certbot-auto -q renew --renew-hook "/etc/init.d/nginx reload" >> /var/log/certbot-auto-renew
Enjoy