Let's Encrypt with acme.sh

Run the steps below as root (recommended).

Step 0: Dependencies

sudo apt-get install socat

Step 1: Install Acme.sh

curl https://get.acme.sh | sh

Restart the console session after the first install so the shell picks up the acme.sh alias.

Step 2: Check that the installation succeeded

acme.sh --version

Step 3: Configure nginx for webroot validation on the portal site

location /.well-known/acme-challenge/ {
  alias /var/www/portal.voronenko.net/.well-known/acme-challenge/;
}

Optionally, run

nginx -t

to ensure your syntax is correct and everything adds up. Then run

systemctl reload nginx

Step 4: Issue the certificate

acme.sh --issue -d portal.voronenko.net  -w /var/www/portal.voronenko.net/

Step 5: Set up auto-renewal

mkdir -p /etc/nginx/certs/portal.voronenko.net/
acme.sh --install-cert -d portal.voronenko.net --cert-file /etc/nginx/certs/portal.voronenko.net/cert --key-file /etc/nginx/certs/portal.voronenko.net/key --fullchain-file /etc/nginx/certs/portal.voronenko.net/fullchain  --reloadcmd "systemctl restart nginx.service"

Step 6: Validate

crontab -l
ls -la  /etc/nginx/certs/portal.voronenko.net/

Step 7: Use the certificates in your nginx config

server {
  listen              443 ssl;
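  # Paths match the --fullchain-file and --key-file arguments from Step 5.
  ssl_certificate     /etc/nginx/certs/portal.voronenko.net/fullchain;
  ssl_certificate_key /etc/nginx/certs/portal.voronenko.net/key;
  # TLS 1.0 and 1.1 are deprecated (RFC 8996); allow only TLS 1.2 and 1.3.
  ssl_protocols       TLSv1.2 TLSv1.3;
  ssl_ciphers         HIGH:!aNULL:!MD5;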
  ...
}
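
The listing in Step 6 only shows that the files exist. The script below is an added example, not part of the original page or of acme.sh: it checks that the installed key is not readable by group or others, that the key matches the leaf certificate in fullchain, and that the certificate is not about to expire. The function names, the script name and the 14-day threshold are assumptions made for this example; it needs openssl and GNU stat.

```shell
#!/bin/sh
# Added example: checks on the files written by `acme.sh --install-cert`.
# File names (key, fullchain) follow Step 5; the 14-day threshold is an assumption.

# check_key_perms KEY: pass only if KEY exists and has no group/other bits set.
check_key_perms() {
  [ -f "$1" ] || { echo "missing key: $1" >&2; return 1; }
  mode=$(stat -c %a "$1") || return 1   # GNU stat (Debian/Ubuntu)
  case "$mode" in
    0|*00) return 0 ;;
    *) echo "$1 has mode $mode, expected 600 or stricter" >&2; return 1 ;;
  esac
}

# check_pair CERT KEY: pass only if the leaf certificate's public key is the
# one derived from the private key, i.e. nginx will accept the pair.
check_pair() {
  c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$c" ] && [ "$c" = "$k" ] || { echo "cert/key mismatch" >&2; return 1; }
}

# check_expiry CERT DAYS: pass only if CERT is still valid DAYS days from now.
check_expiry() {
  openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null ||
    { echo "$1 expires within $2 days" >&2; return 1; }
}

# check_install DIR: run every check against one certificate directory.
check_install() {
  check_key_perms "$1/key" &&
  check_pair "$1/fullchain" "$1/key" &&
  check_expiry "$1/fullchain" 14
}

# Usage: sh check-cert.sh /etc/nginx/certs/portal.voronenko.net
if [ "$#" -gt 0 ]; then
  check_install "$1"
fi
```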