Skip to main content

Configure Let's Encrypt SSL on Ubuntu

Install Certbot package.

sudo add-apt-repository ppa:certbot/certbot
sudo apt-get -y update

# For Nginx
sudo apt-get -y install python-certbot-nginx

# For Apache
sudo apt-get -y install python-certbot-apache

Generate a SSL certificate using DNS verification.

sudo certbot certonly \
--manual \
--agree-tos \
--preferred-challenges=dns \
--server https://acme-v02.api.letsencrypt.org/directory \
--email [email protected] \
--domains jenkins.example.com

Generated certificated will be available under /etc/letsencrypt/live/jenkins.example.com

/etc/letsencrypt/live/jenkins.example.com/fullchain.pem
/etc/letsencrypt/live/jenkins.example.com/privkey.pem

Setup a crontab to run the renewal command everyday at midnight. The renewal will be executed only if there are 30 days less from the expiration date.

# Setting up crontab
crontab -e

# For Nginx - Append the below line to the end of crontab
0 0 * * * /usr/bin/certbot renew --renew-hook "/bin/systemctl --no-block reload nginx" --quiet --agree-tos

# For Apache - Append the below line to the end of crontab
0 0 * * * /usr/bin/certbot renew --renew-hook "/bin/systemctl --no-block reload apache2" --quiet --agree-tos