The SSL certificates for all web applications on the UTN servers are provided by Let’s Encrypt. This initiative provides free short-term SSL certificates for all websites. Let’s Encrypt certificates can be acquired using certbot, an automated Let’s Encrypt client. Installation instructions can be found on the certbot website. We currently do not use the automatic NGINX configuration functionality of certbot, because certbot overrides the NGINX configuration we added via Ansible when we created the sites.
A new certificate can be acquired using the following command:
sudo certbot certonly --webroot -w /var/www/XXXXX/public -d XXXXX
where XXXXX is replaced by the domain name of the application.
On moore, you must use the following command since the structure is a bit different:
sudo certbot certonly --webroot -w /var/www/moore/src/media --cert-name moore.utn.se -d moore.utn.se
To add more domain names, add -d domain.name.se to the end of the command for each domain you want to add.
To remove a domain, run this command with all current domains except for the ones you want to remove. [documentation]
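Rebuilding the domain list by hand is where mistakes happen: a forgotten -d silently drops a hostname that is still in use. The script below is an added example, not part of the UTN tooling. It reads the output of certbot certificates and prints (without running) the certonly command that keeps every domain except the ones named for removal. The sample output and the example.org names are constructed for illustration.

```shell
# Constructed sample of `certbot certificates` output (not real server data);
# the example.org names are made up for illustration.
SAMPLE_CERTS='Found the following certs:
  Certificate Name: moore.utn.se
    Domains: moore.utn.se old-name.example.org extra.example.org
    Expiry Date: 2030-01-01 00:00:00+00:00 (VALID: 89 days)
  Certificate Name: other.example.org
    Domains: other.example.org'

# cert_domains CERT_NAME: read `certbot certificates` output on stdin and
# print that certificate's domains, one per line.
cert_domains() {
    awk -v name="$1" '
        $1 == "Certificate" && $2 == "Name:" { current = $3 }
        $1 == "Domains:" && current == name { for (i = 2; i <= NF; i++) print $i }'
}

# reissue_cmd CERT_NAME WEBROOT REMOVE...: read `certbot certificates` output
# on stdin and print the certonly command that keeps every current domain
# except the ones listed in REMOVE. Nothing is executed.
reissue_cmd() {
    name=$1; webroot=$2; shift 2
    domains=$(cert_domains "$name")
    [ -n "$domains" ] || { echo "no certificate named $name" >&2; return 1; }
    keep=""
    for r in "$@"; do    # refuse typos: every domain to remove must be present
        printf '%s\n' "$domains" | grep -qxF -- "$r" ||
            { echo "$r is not on certificate $name" >&2; return 1; }
    done
    while IFS= read -r d; do
        case " $* " in
            *" $d "*) ;;                    # being removed: leave it out
            *) keep="$keep -d $d" ;;
        esac
    done <<EOF
$domains
EOF
    [ -n "$keep" ] || { echo "nothing left; use certbot delete instead" >&2; return 1; }
    echo "sudo certbot certonly --webroot -w $webroot --cert-name $name$keep"
}

# Demo on the constructed sample: drop old-name.example.org from moore.utn.se.
printf '%s\n' "$SAMPLE_CERTS" |
    reissue_cmd moore.utn.se /var/www/moore/src/media old-name.example.org
```

On a server, replace the sample with the live listing: sudo certbot certificates | reissue_cmd moore.utn.se /var/www/moore/src/media domain.to.remove, then review the printed command before running it.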
Removing an existing certificate is also easy. Use the following command:
sudo certbot delete --cert-name XXXXX.utn.se
where XXXXX is replaced by the domain name of the application.
This assumes that the files are located in the /var/www
folder in a folder named after the domain name. It also assumes that the
.well-known folder in the web root is readable (which it is in the default UTN
The certificates are automatically renewed using cron. To test the renewal, run
sudo certbot renew --dry-run
In newer versions of certbot, a cron task is installed at /etc/cron.d/certbot, which runs the renew command twice a day.