Certbot

Certbot is only used on the servers hosted on Glesys. It was previously used on the servers hosted on DigitalOcean, but there it has now been replaced by Cloudflare's origin certificates.

Certbot is a tool provided by Let’s Encrypt that issues free short-term SSL certificates. Installation instructions can be found on the certbot website. We currently do not use certbot's automatic NGINX configuration functionality, because certbot overrides the NGINX configuration we added via Ansible when we created the sites.

If you add, update or remove a certificate you must reload nginx afterwards for the changes to take effect. Use nginx -s reload.

Create a new certificate

A new certificate can be acquired using the following command, where XXXXX is replaced by the domain name of the application:

sudo /certbot-0.30.2/certbot-auto --no-self-upgrade certonly --webroot -w /var/www/XXXXX/public -d XXXXX

You must ALWAYS run /certbot-0.30.2/certbot-auto --no-self-upgrade on the Glesys servers. This is because they are running Ubuntu 12.04, and higher versions of certbot are incompatible with Ubuntu 12.04.

Remove an existing certificate

Removing an existing certificate is also easy. Use the following command, which will then ask which domains you want to remove:

sudo certbot delete

Automatic renewals

The certificates are automatically renewed using cron. The renewal task is included in /etc/cron.d/certbot, which runs the renew command twice a day.
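
To confirm that the cron renewal described above is actually keeping certificates fresh, the following added example (not part of the original page) checks every certificate under certbot's default /etc/letsencrypt/live directory with openssl. The function names and the 21-day threshold are assumptions made for this example; certbot renews once fewer than 30 days remain, so a certificate below the threshold suggests renewal has been failing.

```shell
#!/bin/sh
# Added example, not from the original page. Assumptions: certbot's default
# layout /etc/letsencrypt/live/<domain>/cert.pem, and a 21-day threshold.

# Exit status: 0 = still valid in $2 days, 1 = expires sooner, 2 = unreadable.
cert_valid_for_days() {
    # Reject anything openssl cannot parse as a certificate.
    openssl x509 -in "$1" -noout >/dev/null 2>&1 || return 2
    # -checkend N exits non-zero if the certificate expires within N seconds.
    openssl x509 -in "$1" -noout -checkend "$(($2 * 86400))" >/dev/null 2>&1
}

# Report every certificate under $1; returns 1 if any is stale or unreadable.
check_renewals() {
    live_dir="${1:-/etc/letsencrypt/live}"
    min_days="${2:-21}"
    failed=0
    for pem in "$live_dir"/*/cert.pem; do
        [ -e "$pem" ] || continue            # glob matched nothing
        domain=$(basename "$(dirname "$pem")")
        rc=0
        cert_valid_for_days "$pem" "$min_days" || rc=$?
        case "$rc" in
            0) echo "OK         $domain" ;;
            1) end=$(openssl x509 -in "$pem" -noout -enddate | cut -d= -f2)
               echo "STALE      $domain (expires $end)"
               failed=1 ;;
            *) echo "UNREADABLE $domain"
               failed=1 ;;
        esac
    done
    return "$failed"
}

# Run with privileges that can read the live directory: ./check.sh --run
if [ "${1:-}" = "--run" ]; then
    check_renewals
    exit $?
fi
```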