How To Install A Let's Encrypt Certificate On Apache2

To install the certificate, I followed the instructions here by installing from Github.

$ git clone https://github.com/letsencrypt/letsencrypt
$ cd letsencrypt
$ ./letsencrypt-auto --help

Then I used the "apache plugin" to generate a certificate for dgendill.com.

./letsencrypt-auto --apache

I then answered some questions, and it generated four files in /etc/letsencrypt/live/dgendill.com.

cert.pem
chain.pem
fullchain.pem
privkey.pem

I then edited my apache config file in /etc/apache2/sites-available/dgendill.com and a told apache where to find the SSLCertificateFile (cert.pem), SSLCertificateKeyFile (privkey.pem), and SSLCertificateChainFile (chain.pem).

<VirtualHost *:443>
    ServerName dgendill.com
    DocumentRoot /path/to/dgendill.com/public

    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/dgendill.com/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/dgendill.com/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/dgendill.com/chain.pem
</VirtualHost>

Automatically Updating Certificates

To automatically update the certificate, create an executable file in the letsencrypt folder named renew.sh.

#!/bin/sh
if ! /location/of/letsencrypt/letsencrypt-auto renew > /var/log/letsencrypt/renew.log 2>&1 ; then
    echo Automated renewal failed:
    cat /var/log/letsencrypt/renew.log
    exit 1
fi

And run it everyday on a cron.

crontab -e

And add...

1 1 * * * /location/of/letsencrypt/renew.sh