CentOS 6: Configure Let's Encrypt SSL

Get the LetsEncrypt certbot-auto script.

curl -o /usr/local/sbin/certbot-auto https://dl.eff.org/certbot-auto

Make it executable.

chmod a+x /usr/local/sbin/certbot-auto

Generate a SSL certificate using DNS verification.

sudo /usr/local/sbin/certbot-auto certonly \
--manual \
--agree-tos \
--preferred-challenges=dns \
--server https://acme-v02.api.letsencrypt.org/directory \
--email jenkins@yasithab.com \
--domains jenkins.yasithab.com

Generated certificated will be available under /etc/letsencrypt/live/jenkins.yasithab.com

/etc/letsencrypt/live/jenkins.yasithab.com/fullchain.pem
/etc/letsencrypt/live/jenkins.yasithab.com/privkey.pem

Setup a cron job to run the renewal command everyday at midnight. The renewal will be executed only if there are 30 days less from the expiration date.

# Setting up crontab
crontab -e
# Append the below line to the end of crontab
0 0 * * * /usr/local/sbin/certbot-auto renew --renew-hook "/sbin/service nginx reload" --quiet --agree-tos

References: