Free SSL Let’s Encrypt – Per Domain

If you are running your own cloud server and want to avoid paying SSL providers, then Let’s Encrypt is the best option for you.

My experience with Let’s Encrypt is quite new, but I have successfully implemented it on my Ubuntu+Nginx servers.

This article explains how you can obtain a certificate per domain.
Let’s Encrypt has very well-written documentation; if you are interested in a deeper look, here is the link.

At this point you should have done the following:

  • Your cloud server is running, and so is Nginx.
  • Your domain or subdomain is active and its DNS points to your web server.

Nginx on Ubuntu 16.04 (xenial):
You need to install Certbot on your server. Certbot maintains a PPA, so all you need to do is run the following commands on your server.

Step1: 

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-nginx

Step2:
Certbot has an Nginx plugin, which we will use to generate the SSL certificate.

Method1:
$ sudo certbot --nginx

This command generates SSL certificates for all the websites that exist in /etc/nginx/sites-available.
It also updates the Nginx site config with the certificate information, which can be helpful in some cases.

Method2:
I personally used the following command and updated the Nginx config manually.
$ sudo certbot --nginx certonly

Once certbot has finished successfully, the certificate will be available at
/etc/letsencrypt/live/

Then modify the Nginx site config and add the following lines to your server config:
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/domainname.your/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domainname.your/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
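
An added example (not from the original article): a shell check for the manual edit in Method 2. It flags a server block whose directives deviate from the lines above, such as pointing ssl_certificate at cert.pem (which lacks the intermediate chain) or mixing the certificate and key of two different domain directories. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample config is constructed.

# Print the first argument of directive $2 in file $1, ignoring comments.
directive_value() {
    sed 's/#.*//' "$1" |
        awk -v d="$2" '$1 == d { v = $2; sub(/;$/, "", v); print v; exit }'
}

# check_tls_block FILE DOMAIN: print one line per problem, return 1 if any.
check_tls_block() {
    conf=$1; live="/etc/letsencrypt/live/$2"; rc=0
    # TLS must be enabled on the listener, not just port 443 opened.
    sed 's/#.*//' "$conf" | grep -Eq '^[[:space:]]*listen[[:space:]][^;]*443[^;]*ssl' ||
        { echo "missing: listen 443 ssl"; rc=1; }
    cert=$(directive_value "$conf" ssl_certificate)
    key=$(directive_value "$conf" ssl_certificate_key)
    case $cert in
        "$live/fullchain.pem") ;;
        "") echo "missing: ssl_certificate"; rc=1 ;;
        */cert.pem) echo "ssl_certificate is leaf-only cert.pem; use $live/fullchain.pem"; rc=1 ;;
        *) echo "ssl_certificate is not $live/fullchain.pem: $cert"; rc=1 ;;
    esac
    # Certificate and key must come from the same per-domain directory.
    case $key in
        "$live/privkey.pem") ;;
        "") echo "missing: ssl_certificate_key"; rc=1 ;;
        *) echo "ssl_certificate_key is not $live/privkey.pem: $key"; rc=1 ;;
    esac
    for d in include:/etc/letsencrypt/options-ssl-nginx.conf \
             ssl_dhparam:/etc/letsencrypt/ssl-dhparams.pem; do
        name=${d%%:*}; want=${d#*:}
        sed 's/#.*//' "$conf" | grep -Eq "^[[:space:]]*$name[[:space:]]+$want;" ||
            { echo "missing: $name $want"; rc=1; }
    done
    return $rc
}

# Constructed sample: cert.pem instead of fullchain.pem, key from another domain.
sample=$(mktemp)
cat > "$sample" <<'EOF'
server {
    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/domainname.your/cert.pem;
    ssl_certificate_key /etc/letsencrypt/live/subdomain.domainname.your/privkey.pem;
}
EOF
check_tls_block "$sample" domainname.your || echo "server block needs fixing"
rm -f "$sample"
```

Run it against the site file before reloading Nginx; an empty output and exit status 0 mean the block matches the lines above for that domain.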

Method3: Generate a certificate for a specific domain
In case you don’t want certbot to generate SSL certificates for all the available domains/subdomains, this is how you can specify the domain name.

$ sudo certbot --nginx certonly -d 'domainname.your'
$ sudo certbot --nginx certonly -d 'subdomain.domainname.your'

Here are some screenshots of me generating SSL for my test domain; at the time you read this article, this domain might not be working any more 🙂

Note:
If you are using a deployment tool like Puppet, then you need to update it as well, so that it applies the updated Nginx site configurations.

About the author

Danyal Ali Butt

I've been working as a programmer since 2002. I was born, grew up, studied and worked in Pakistan, and I have been located in Denmark since 2006.
