How To Install A Let's Encrypt Certificate On Apache2
To install the certificate, I followed the instructions here by installing from Github.
$ git clone https://github.com/letsencrypt/letsencrypt
$ cd letsencrypt
$ ./letsencrypt-auto --help
Then I used the "apache plugin" to generate a certificate for dgendill.com.
./letsencrypt-auto --apache
I then answered some questions, and it generated four files in /etc/letsencrypt/live/dgendill.com
.
cert.pem
chain.pem
fullchain.pem
privkey.pem
I then edited my apache config file in /etc/apache2/sites-available/dgendill.com
and a told apache where to find the SSLCertificateFile (cert.pem), SSLCertificateKeyFile (privkey.pem), and SSLCertificateChainFile (chain.pem).
<VirtualHost *:443>
ServerName dgendill.com
DocumentRoot /path/to/dgendill.com/public
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/dgendill.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/dgendill.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/dgendill.com/chain.pem
</VirtualHost>
Automatically Updating Certificates
To automatically update the certificate, create an executable file in the letsencrypt folder named renew.sh
.
#!/bin/sh
if ! /location/of/letsencrypt/letsencrypt-auto renew > /var/log/letsencrypt/renew.log 2>&1 ; then
echo Automated renewal failed:
cat /var/log/letsencrypt/renew.log
exit 1
fi
And run it everyday on a cron.
crontab -e
And add...
1 1 * * * /location/of/letsencrypt/renew.sh