SSL certificate from Let’s Encrypt is free. That is the the whole point of why people are getting Let’s Encrypt’s SSL certificate. Their SSl are supported in all modern browsers. The only con is the certificate expire in 3 months. However, we can make the renewing process easier with cron. This guide is for server that already have https setup correctly, and will NOT cover how to setup https or modify server ssl configuration file.
Most systems already have Certbot package in the repository. You can check and follow the installation step from https://certbot.eff.org *You can add more domain to above command if you like.
*We only need CertBot to generate certificate only in this case and we don’t want CertBot to touch SSL configuration file.
./certbot certonly --email email@example.com -d domain1.com -d www.domain1.com -d domain2.com -d www.domain2.com
Pick 1-3 for according to your server setup if you see below feedback.
How would you like to authenticate with the ACME CA?
CertBot will automatically verify your domain(s), generate key, and create CSR. Your will see Congratulation! note after all processes are completed. Total about 20 seconds.
3. check if your SSL certificate is in /etc/letsencrypt/live/domain1.com/ folder. You should have below files.
privkey.pem : the private key for your certificate.
4. point your SSL certificate, private key, and chain to the new generated SSL certificate location with correct names.
(How to? please refer to this guide: Configuring HTTPS servers)
5. create a auto renewal check task to have your server run CertBot to check the certification expiration date everyday to make sure your SSL is not expired.