Huu Phan | Blog Linux operating system | Linux operating system -Blog Huu Phan | www.huuphan.com
huuphan.com. Powered by Blogger.

Issue Let's Encrypt certificates for multiple websites Nginx

In this tutorial, How to Issue Let's Encrypt certificates for multiple websites Nginx Let's Encrypt is a free and open-source

Prerequisites

  • Ubuntu instance with a LEMP stack installed.
  • Two valid domain name. My example, devopsroles.com and huuphan.com
  • You have access shell login VPS.
  • You neeed install package certbot python3-certbot-nginx on your system.

Let's Encrypt Certificates and Nginx

Configure Certbot Let's Encrypt certificates for the first website

Let's Encrypt free SSL for website. you run command the following

certbot --nginx -d huuphan.com
you see the following output:

[email protected]:~# certbot --nginx -d huuphan.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Cert not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/huuphan.com.conf)

What would you like to do?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Attempt to reinstall this existing certificate
2: Renew & replace the certificate (may be subject to CA rate limits)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Renewing an existing certificate for huuphan.com
Deploying Certificate to VirtualHost /etc/nginx/conf.d/huuphan.com.conf
Redirecting all traffic on port 80 to ssl in /etc/nginx/conf.d/huuphan.com.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Your existing certificate has been successfully renewed, and the new certificate
has been installed.

The new certificate covers the following domains: https://huuphan.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/huuphan.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/huuphan.com/privkey.pem
   Your certificate will expire on 2021-11-16. To obtain a new or
   tweaked version of this certificate in the future, simply run
   certbot again with the "certonly" option. To non-interactively
   renew *all* of your certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Repeat the same process for other website devopsroles.com

You proceed to repeat the process for all your other websites. you can test your SSL certificates by visiting the URL https://www.ssllabs.com/ssltest/analyze.html

Automate Let's Encrypt Certificate Renewal

setup cron job

crontab -e
Add the following line:

10 11 * * *   root /usr/bin/certbot renew >/dev/null 2>&1
You can renew the certificates manually
certbot renew
Test certificate are being renewed correctly
certbot renew --dry-run

post new :

Huu Phan | Blog Linux operating system | Huu Phan ~ Zimbra Mail Server,linux,bash script,centos,linux command | www.huuphan.com