Ubuntu: Configure Let's Encrypt SSL

Install Certbot package.

sudo add-apt-repository ppa:certbot/certbot
sudo apt-get -y update
# For Nginx
sudo apt-get -y install python-certbot-nginx
# For Apache
sudo apt-get -y install python-certbot-apache

Generate a SSL certificate using DNS verification.

sudo certbot certonly \
--manual \
--agree-tos \
--preferred-challenges=dns \
--server https://acme-v02.api.letsencrypt.org/directory \
--email jenkins@yasithab.com \
--domains jenkins.yasithab.com

Generated certificated will be available under /etc/letsencrypt/live/jenkins.yasithab.com

/etc/letsencrypt/live/jenkins.yasithab.com/fullchain.pem
/etc/letsencrypt/live/jenkins.yasithab.com/privkey.pem

Setup a crontab to run the renewal command everyday at midnight. The renewal will be executed only if there are 30 days less from the expiration date.

# Setting up crontab
crontab -e
# For Nginx - Append the below line to the end of crontab
0 0 * * * /usr/bin/certbot renew --renew-hook "/bin/systemctl --no-block reload nginx" --quiet --agree-tos
# For Apache - Append the below line to the end of crontab
0 0 * * * /usr/bin/certbot renew --renew-hook "/bin/systemctl --no-block reload apache2" --quiet --agree-tos