@yoimbert
Last active April 26, 2016 22:18
letsencrypt_install
SSH to your instance
ssh -i <path_to_key_file.pem> ubuntu@<public_ip_address>
Note: You may replace <public_ip_address> with the domain name if your DNS has resolved.
Clone the letsencrypt repository from GitHub. (If it is available via a package manager, you may use that.)
sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
This will copy the letsencrypt repository to /opt/letsencrypt
Confirm no applications are listening on port 80:
netstat -na | grep ':80.*LISTEN'
If any listeners are returned, stop the processes that own them.
Get Certificate from Let's Encrypt
Change to Let's Encrypt repository location
cd /opt/letsencrypt
Run the Standalone plugin. (This will open a web server listening on port 80 to validate the server).
./letsencrypt-auto certonly --standalone --email <email_address> -d <domain.com> -d <subdomain.domain.com>
Note: Second (or more) domain is optional.
If you would like to restrict traffic to your instance on AWS, you may now tighten the security groups. Make sure you allow TCP/22 from your current location for the SSH connection, as well as TCP/443 from the locations you will access the site from.
Check for certificates and keys
The following files will be created in /etc/letsencrypt/archive, with symbolic links placed in /etc/letsencrypt/live/<domain.com>:
cert.pem - domain certificate
chain.pem - Let's Encrypt chain certificate
fullchain.pem - both the above certs (This will be your certificate file)
privkey.pem - certificate's private key (This will be your certificate key file).
Confirm by listing the following directory
sudo ls /etc/letsencrypt/live/<domain.com>
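A scripted version of this check, also usable after each renewal run (an added example, not part of the original gist). The function names and the 30-day default are assumptions; it needs openssl, and root to read /etc/letsencrypt/live.

```shell
#!/bin/sh
# Added example: sanity-check a Let's Encrypt live directory.
# Function names and the 30-day default are illustrative assumptions.
# Usage: sudo sh check_le.sh /etc/letsencrypt/live/<domain.com> [days]

# All four files listed above exist, are non-empty, and their symlinks resolve.
check_files() {
    dir=$1
    for f in cert.pem chain.pem fullchain.pem privkey.pem; do
        if [ ! -s "$dir/$f" ]; then   # -s follows symlinks, so dangling links fail
            echo "missing or empty: $dir/$f" >&2
            return 1
        fi
    done
}

# The public key inside cert.pem equals the one derived from privkey.pem.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1/cert.pem" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$1/privkey.pem" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# cert.pem remains valid for at least $2 more days.
valid_for_days() {
    openssl x509 -in "$1/cert.pem" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# Run all checks; the return status says which one failed (1, 2 or 3).
check_live_dir() {
    dir=$1
    days=${2:-30}
    check_files "$dir" || return 1
    cert_matches_key "$dir" || {
        echo "cert.pem does not match privkey.pem" >&2; return 2; }
    valid_for_days "$dir" "$days" || {
        echo "certificate expires within $days days" >&2; return 3; }
    echo "OK: $dir"
}

if [ "$#" -gt 0 ]; then
    check_live_dir "$@"
fi
```

A non-zero status distinguishes a missing file (1), a certificate that does not belong to the key (2), and a certificate close to expiry (3).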
https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-14-04
Set Up Auto Renewal
/opt/letsencrypt/letsencrypt-auto renew
sudo crontab -e
30 2 * * 1 /opt/letsencrypt/letsencrypt-auto renew >> /var/log/le-renew.log
35 2 * * 1 /etc/init.d/nginx reload
Updating the Let’s Encrypt Client (optional)
Whenever new updates are available for the client, you can update your local copy by running a git pull from inside the Let’s Encrypt directory:
cd /opt/letsencrypt
sudo git pull