Automated Certificate Management Environment(ACME)
- automates process of creating SSL certificates
https://certbot-dns-digitalocean.readthedocs.io/en/stable/
certbot --dns-digitalocean --dns-digitalocean-credentials ~/.secrets/certbot/digitalocean.ini -d deitagy.com,*.deitagy.com
certbot --dns-digitalocean --dns-digitalocean-credentials ~/.secrets/certbot/digitalocean.ini -d deitagy.com,*.deitagy.com
SSH into the server
SSH into the server running your HTTP website as a user with sudo privileges.
Add Certbot PPA
You’ll need to add the Certbot PPA to your list of repositories. To do so, run the following commands on the command line on the machine:
sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository universe
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
Install Certbot
Run this command on the command line on the machine to install Certbot.
sudo apt-get install certbot python-certbot-nginx
Choose how you’d like to run Certbot
Either get and install your certificates… Run this command to get a certificate and have Certbot edit your Nginx configuration automatically to serve it, turning on HTTPS access in a single step.
sudo certbot --nginx
Or, just get a certificate If you’re feeling more conservative and would like to make the changes to your Nginx configuration by hand, run this command.
sudo certbot certonly --nginx
Test automatic renewal
The Certbot packages on your system come with a cron job or systemd timer that will renew your certificates automatically before they expire. You will not need to run Certbot again, unless you change your configuration. You can test automatic renewal for your certificates by running this command:
sudo certbot renew --dry-run
The command to renew certbot is installed in one of the following locations:
/etc/crontab/
/etc/cron.*/*
systemctl list-timers
Confirm that Certbot worked
To confirm that your site is set up properly, visit https://yourwebsite.com/ in your browser and look for the lock icon in the URL bar. If you want to check that you have the top-of-the-line installation, you can head to https://www.ssllabs.com/ssltest/.
https://gist.github.com/cecilemuller/a26737699a7e70a7093d4dc115915de8 https://certbot.eff.org/lets-encrypt/ubuntubionic-nginx https://community.qualys.com/docs/DOC-6321-ssl-labs-grading-2018 https://loganmarchione.com/2018/09/lets-encrypt-wildcard-certificates-with-certbot-on-nginx/