Let's Encrypt Certbot Usage with NGINX

· klm's blog

Steps to install certificate in NGINX generated by certbox from Let's Encrypt.

Original post is here: eklausmeier.goip.de

Previously I used lefh to generate and update Let's Encrypt certificates for the Hiawatha webserver. Unfortunately, this PHP script no longer works. Therefore I installed certbot:

1pacman -S certbot-nginx

Updating my domains is like this:

1certbot --nginx -d eklausmeier.goip.de,klm.ddns.net,eklausmeier.mywire.org,klmport.no-ip.org,klm.no-ip.org

Its output is roughly

1Saving debug log to /var/log/letsencrypt/letsencrypt.log
2Requesting a certificate for eklausmeier.goip.de and 4 more domains
3
4Successfully received certificate.
5Certificate is saved at: /etc/letsencrypt/live/eklausmeier.goip.de/fullchain.pem
6Key is saved at:         /etc/letsencrypt/live/eklausmeier.goip.de/privkey.pem
7This certificate expires on 2024-05-19.
8These files will be updated when the certificate renews.

Add the first two files in /etc/nginx/nginx.conf:

ssl_certificate      /etc/letsencrypt/live/eklausmeier.goip.de/fullchain.pem;
ssl_certificate_key  /etc/letsencrypt/live/eklausmeier.goip.de/privkey.pem;

Check with nginx -t. If all is OK, then restart with systemctl restart nginx.

Final check is with Qualys SSL Labs:

Photo