How to configure auto-update of Let’s Encrypt certificates with Nginx

Article By: ivan


BIP MD-KB Knowledge Base Community Author

Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. One of the features of Let’s Encrypt is ninety-day lifetimes for certificates. There are many tutorials on how to automate the procedure of updating certificates.

All of them have their pros and cons. For example, you must manually create folders and files or stop the web server for several minutes. I think I found one of the simplest ways.

The main idea is to have the Let's Encrypt client start its own web server on port 9999 and to configure nginx to pass the challenge requests to that back end.

Let’s go step by step:

Install Let’s Encrypt

cd /opt
git clone https://github.com/letsencrypt/letsencrypt && cd letsencrypt

Create a configuration file for nginx

Open the file /etc/nginx/template/letsencrypt.conf with your favorite text editor and add:

# Forward ACME HTTP-01 challenge requests to the Let's Encrypt client on port 9999
location ~ ^/(\.well-known/acme-challenge/.*)$ {
    proxy_pass http://127.0.0.1:9999/$1;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

Add the following line to your nginx configuration file (inside the server block for your domain)

include template/letsencrypt.conf;

Test and restart Nginx

nginx -t
systemctl restart nginx

That's all. Run Let's Encrypt to get a certificate:

/opt/letsencrypt/letsencrypt-auto --agree-tos --renew-by-default --standalone --standalone-supported-challenges http-01 --http-01-port 9999 --server https://acme-v01.api.letsencrypt.org/directory certonly -d YOUR_DOMAIN_NAME

Schedule the task for auto-update of SSL-certificates

(weekly check)

crontab -e
#Letsencrypt autoupdate
30 1 * * 1 /opt/letsencrypt/letsencrypt-auto renew >> /dev/null 2>&1

Conclusion

If you want, you can add a command to notify you when the certificate is updated. You can have several DOMAIN_NAMES (or SUBDOMAINS) on the server; all of them will be updated automatically.
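The cron entry above sends all output of the renew job to /dev/null, so a renewal that keeps failing goes unnoticed until the certificate expires. The check below is an added example, not part of the original article; it assumes GNU date, openssl and the client's default /etc/letsencrypt/live/YOUR_DOMAIN_NAME/cert.pem path, and the function names, the file name and the 20-day threshold are illustrative choices.

```shell
#!/bin/sh
# Added example (not from the original article): detect silently failing renewals.
# The client's "renew" replaces certificates that have under 30 days left (its
# default), so with the weekly cron job a healthy certificate never drops below
# about 23 days. Fewer than WARN_DAYS left therefore means renew has been failing.
WARN_DAYS=${WARN_DAYS:-20}   # illustrative threshold, an assumption

# seconds_left NOT_AFTER [NOW_EPOCH]: seconds until the given expiry date.
# NOT_AFTER uses openssl's format, e.g. "Jan  2 00:00:00 2030 GMT" (needs GNU date).
seconds_left() {
    end=$(date -u -d "$1" +%s) || return 2
    now=${2:-$(date -u +%s)}
    echo $(( end - now ))
}

# cert_status SECONDS_LEFT: prints OK, RENEWAL_OVERDUE or EXPIRED.
cert_status() {
    if [ "$1" -le 0 ]; then
        echo EXPIRED
    elif [ "$1" -lt $(( WARN_DAYS * 86400 )) ]; then
        echo RENEWAL_OVERDUE
    else
        echo OK
    fi
}

# check_cert PEM_FILE: prints one status line, returns non-zero unless OK.
check_cert() {
    not_after=$(openssl x509 -noout -enddate -in "$1" | cut -d= -f2)
    [ -n "$not_after" ] || { echo "UNREADABLE $1"; return 2; }
    left=$(seconds_left "$not_after") || return 2
    status=$(cert_status "$left")
    echo "$status $1: $(( left / 86400 )) days left (notAfter=$not_after)"
    [ "$status" = OK ]
}

# Usage: sh check-cert.sh /etc/letsencrypt/live/YOUR_DOMAIN_NAME/cert.pem
# (default path of the client; check-cert.sh is a hypothetical file name)
[ -z "${1:-}" ] || check_cert "$1"
```

Run it from cron after the renew job and route a non-zero exit status to whatever alerting you already use.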



