Let’s Encrypt

This guide will show you how to get free certificates using Let’s Encrypt.

While Let’s Encrypt provide scripts that are able to edit your webserver configuration files, I don’t trust anyone enough to do that. Let’s Encrypt scripts will only be used to create and renew certificates,

Prerequisite
This guide assume that you have an Nginx server running and listening on port 80.

The certificates can be then used for other purposes, like email server. Nginx is only used for the renewal process.

Installation
If you are using Debian Jessie, you will need to configure jessie-backports source for the following command to work.

Register Account
Although not mandatory, it is recommended to provide an email when registering your account. Make sure you enter it right as Let’s Encrypt will not validate it. The error about missing parameter is normal. You should be looking at the IMPORTANT NOTES section in the output.

Nginx

 * First create folder


 * Create file

Renewal Script
Let’s Encrypt delivers certificates that are valid for 90 days. It make automatic renewal an important part of the setup. They also have a limit of 5 certificates per week per domain.

In order to avoid blocking your domain (in case you need to create a new certificate), the following script will renew at most one certificate per run and will run every two days.

Certificates are renewed 30d before expiry. Additionally, if a certificate is close to expiry (20 days) a warning will be displayed with details.


 * Save the following file as  and make it executable

Don’t forget to edit the config on top of the file. If you don't have certificates from Let’s Encrypt yet, keep an empty array.


 * You can then run it automatically during the night. Add this to the file