Certbot is a tool provided by Let’s Encrypt that issues free short-term SSL certificates. Installation instructions can be found on the certbot website. We currently do not use the automatic NGINX configuration functionality of certbot, because certbot overrides the NGINX configuration we added via Ansible when we created the sites.
If you add, update or remove a certificate, you must reload nginx afterwards for the changes to take effect. Use
nginx -s reload
A new certificate can be easily acquired using the following command:
sudo /certbot-0.30.2/certbot-auto --no-self-upgrade certonly --webroot -w /var/www/XXXXX/public -d XXXXX
where XXXXX is replaced by the domain name of the application.
You must ALWAYS run
/certbot-0.30.2/certbot-auto --no-self-upgrade on the Glesys servers. This is because they are running Ubuntu 12.04, and higher versions of certbot are incompatible with Ubuntu 12.04.
Removing an existing certificate is also easy. Use the following command:
sudo certbot delete
which will then ask which domains you want to remove.
The certificates are automatically renewed using cron. The renewal task is
/etc/cron.d/certbot, which runs the renew command twice a day.
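
Because a changed certificate only takes effect after nginx is reloaded, it is useful to compare the certificate on disk with the one nginx actually serves. The script below is an added example, not part of the original setup; it assumes certbot's default directory /etc/letsencrypt/live/<domain>/cert.pem and HTTPS on port 443, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: report domains whose certificate on disk differs from the
# one nginx is serving (i.e. nginx still needs "nginx -s reload").
# Assumption: certbot's default layout, $LIVE_DIR/<domain>/cert.pem.
LIVE_DIR="${LIVE_DIR:-/etc/letsencrypt/live}"

# SHA-256 fingerprint of the first PEM certificate found on stdin.
cert_fp() {
    openssl x509 -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# Fingerprint of the certificate stored on disk for domain $1
# (empty output if the file is missing or unreadable).
disk_fp() {
    [ -r "$LIVE_DIR/$1/cert.pem" ] && cert_fp < "$LIVE_DIR/$1/cert.pem"
}

# Fingerprint of the leaf certificate presented for domain $1 (SNI, port 443).
served_fp() {
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null | cert_fp
}

# Compare disk ($1) and served ($2) fingerprints and print one status word:
#   in-sync  both match
#   stale    they differ, nginx has not picked up the certificate on disk
#   unknown  one side could not be read (missing file, connection failure)
cert_status() {
    if [ -z "$1" ] || [ -z "$2" ]; then echo unknown
    elif [ "$1" = "$2" ]; then echo in-sync
    else echo stale
    fi
}

# Print "<domain>: <status>"; succeeds only when the domain is in sync.
check_domain() {
    cd_status=$(cert_status "$(disk_fp "$1")" "$(served_fp "$1")")
    echo "$1: $cd_status"
    [ "$cd_status" = in-sync ]
}

# Run only when domains are passed on the command line; exit 1 if any
# domain is stale or unknown so the script can be used from monitoring.
if [ "$#" -gt 0 ]; then
    rc=0
    for d in "$@"; do check_domain "$d" || rc=1; done
    exit "$rc"
fi
```

Run it with one or more domain names as arguments after adding, renewing or removing a certificate; a "stale" result means nginx has not been reloaded yet.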