Installing and renewing SSL certificates with Certbot

This article assumes EasyEngine v3’s file/directory structure for Nginx configurations.

Install Certbot

There are several ways to install Certbot. On Ubuntu, use the following commands:

sudo apt install certbot python-certbot-nginx
sudo certbot --nginx

Generating the Certificate

Obtain the certificate with the following command (certonly fetches the certificate without modifying the Nginx configuration):

sudo certbot certonly -a webroot --renew-by-default -w /var/www/<your-site>/htdocs -d <your-site>

Here, the -w flag sets the webroot path, i.e. the absolute path to the root of the website, and the -d flag sets the domain name.

Using the certificate in the configuration

Download the SSL configuration template into the Nginx config directory of the new domain:

curl -L https://gist.githubusercontent.com/Nikschavan/be9cbc0e738268ad063a6fe3b72547c7/raw/faa3bdd37aa8a9459e2b5710fc6bd0d367f80cf5/ssl.conf.template -o /var/www/<your-domain-name-here>/conf/nginx/ssl.conf

Replace the dummy domain name in the template with your actual domain name:

sed -i.default "s/<your-domain>/<replace-your-domain-name-here>/g" /var/www/<replace-your-domain-name-here>/conf/nginx/ssl.conf

Note – Replace <replace-your-domain-name-here> with the actual domain name in the above command.

Reload the Nginx configuration:

sudo service nginx reload

Redirecting HTTP to HTTPS

Download the force-redirect Nginx configuration template:

curl -L https://gist.githubusercontent.com/Nikschavan/c2a5cbb5181078df8f532dda5030319a/raw/bbc626987863db1d8ed26dc5bcba1e2443daa11c/force-ssl-website.conf -o /etc/nginx/conf.d/force-ssl-<replace-your-domain-name-here>.conf 

Note – Replace <replace-your-domain-name-here> with your domain name in the above command.

Replace the dummy domain name with the actual domain name.

sed -i.default "s/<your-domain>/<replace-your-domain-name-here>/g" /etc/nginx/conf.d/force-ssl-<replace-your-domain-name-here>.conf

Note – Replace <replace-your-domain-name-here> with your domain name in the above command.

Reload the Nginx configuration:

sudo service nginx reload
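
The download-and-substitute steps in this section and in "Using the certificate in the configuration" write straight into the live Nginx configuration, so a failed download (curl without -f saves the error page) or a mistyped domain goes unnoticed until the reload. The script below is an added example, not code from this article or from the gists; valid_domain, render_conf and the sample template are hypothetical names and constructed data.

```shell
#!/bin/sh
# Added example: render a downloaded template for one domain, failing closed.
LC_ALL=C; export LC_ALL
PLACEHOLDER='<your-domain>'          # placeholder used by the sed commands above
LABEL='[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?'

# Accept only a plain lowercase hostname, so the value is safe inside sed's
# replacement (no "/", "&", backslash, whitespace or newline gets through).
valid_domain() {
    case "$1" in
        ''|*[!a-z0-9.-]*) return 1 ;;
    esac
    printf '%s\n' "$1" | grep -Eq "^$LABEL(\\.$LABEL)+\$"
}

# render_conf DOMAIN TEMPLATE DEST
# Returns 2 for a bad domain, 3 when the template lacks the placeholder (for
# example an error page saved by curl), 4 on temp-file failure, 5 when the
# substitution failed or left a placeholder behind.
render_conf() {
    rc_domain=$1; rc_tpl=$2; rc_dest=$3
    valid_domain "$rc_domain" || { echo "invalid domain" >&2; return 2; }
    grep -qF -- "$PLACEHOLDER" "$rc_tpl" || { echo "no placeholder in $rc_tpl" >&2; return 3; }
    rc_tmp=$(mktemp "$rc_dest.XXXXXX") || return 4
    if ! sed "s/$PLACEHOLDER/$rc_domain/g" "$rc_tpl" > "$rc_tmp" ||
       grep -qF -- "$PLACEHOLDER" "$rc_tmp"; then
        rm -f "$rc_tmp"; return 5
    fi
    chmod 644 "$rc_tmp"
    # Keep the previous file, as sed -i.default does, then swap in atomically.
    if [ -f "$rc_dest" ]; then cp -p "$rc_dest" "$rc_dest.default"; fi
    mv "$rc_tmp" "$rc_dest"
}

# Demo on a constructed one-line template (not the real gist contents).
demo() {
    demo_dir=$(mktemp -d) || return 1
    printf 'server_name <your-domain> www.<your-domain>;\n' > "$demo_dir/tpl"
    render_conf example.com "$demo_dir/tpl" "$demo_dir/ssl.conf" && cat "$demo_dir/ssl.conf"
    demo_rc=$?
    rm -rf "$demo_dir"
    return $demo_rc
}
demo
```

After rendering, run sudo nginx -t and reload only if it reports the configuration as valid.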

Renewing Certificates

The following command renews all the certificates on a server:

sudo /opt/letsencrypt/certbot-auto renew

You can set a cron job and automate SSL certificate renewal.

Open crontab by running the following command:

sudo crontab -e

And add the following line to the end of the crontab file:

0 0 * * * sudo /opt/letsencrypt/certbot-auto renew

TL;DR: All the commands needed to set up the certificate:

Replace <new-domain-name> with the domain name, written without http:// and www.

sudo certbot certonly -a webroot --renew-by-default -w /var/www/<new-domain-name>/htdocs -d <new-domain-name> -w /var/www/<new-domain-name>/htdocs -d www.<new-domain-name>

sudo curl -L https://gist.githubusercontent.com/Nikschavan/be9cbc0e738268ad063a6fe3b72547c7/raw/faa3bdd37aa8a9459e2b5710fc6bd0d367f80cf5/ssl.conf.template -o /var/www/<new-domain-name>/conf/nginx/ssl.conf

sudo sed -i.default "s/<your-domain>/<new-domain-name>/g" /var/www/<new-domain-name>/conf/nginx/ssl.conf

sudo chown -R www-data:www-data /var/www/<new-domain-name>/conf/nginx/ssl.conf

sudo curl -L https://gist.githubusercontent.com/Nikschavan/c2a5cbb5181078df8f532dda5030319a/raw/bbc626987863db1d8ed26dc5bcba1e2443daa11c/force-ssl-website.conf -o /etc/nginx/conf.d/force-ssl-<new-domain-name>.conf

sudo sed -i.default "s/<your-domain>/<new-domain-name>/g" /etc/nginx/conf.d/force-ssl-<new-domain-name>.conf

wp --path=/var/www/<new-domain-name>/htdocs/ search-replace http://<new-domain-name> https://<new-domain-name>