One of the most popular tools for automating the process of obtaining and renewing Let’s Encrypt SSL certificates is Certbot. Installing Certbot on recent Linux distributions is straightforward, and it integrates seamlessly with Apache web servers, making SSL management a breeze.
However, using Certbot with Nginx web servers used to be more challenging. While obtaining an SSL certificate with Nginx can be done semi-manually, the real difficulty arises during the renewal process, which often requires manual intervention. This can make managing SSL certificates on Nginx servers more demanding of time and attention. At least that is what I thought until today.
It turned out that there is a dedicated Certbot plugin for Nginx. To install it with apt, just run:
sudo apt install certbot python3-certbot-nginx
or on yum-based distros just call:
sudo yum install certbot-nginx
However, the latter only works when Certbot is installed from the EPEL repository.
When everything is set up, just request the certificate in the following way:
sudo certbot --nginx -d typo3demosite.com -d www.typo3demosite.com
And that’s it! Just do not forget to check that Certbot’s cron task for automated certificate renewal works too.
Important note!
If you used certbot --nginx to create the certificate, as described in this post, then it will reload nginx automatically for you at every renewal. But if you used “certbot certonly” to create the certificate without telling Certbot to reload nginx, then you’d have to manually reload nginx every time the certificate renews. This is because nginx does not re-read the certificate from disk on every connection, for performance reasons: it loads it at start-up and on reload.
I’ve spent a lot of time figuring this out. You could open /etc/letsencrypt/renewal/your_domain.com.conf and add this:
[renewalparams]
renew_hook = systemctl reload nginx
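The two checks a practitioner wants after this setup are (1) that every renewal config actually carries a hook that reloads nginx, and (2) that the certificate nginx is serving right now is the one in /etc/letsencrypt/live, i.e. that the reload really happened. The script below is an added example, not code from the original post or from the Certbot project; it assumes the standard Certbot layout under /etc/letsencrypt, that openssl is installed, and that nginx listens on port 443 for the domain. The function names and the constructed sample configs in the usage notes are mine.

```shell
#!/bin/sh
# Added example (not part of the original post or of Certbot):
# verify that Certbot renewals will reload nginx and that nginx is
# serving the current certificate. Assumed paths follow the default
# Certbot layout under /etc/letsencrypt.

# has_reload_hook FILE
# Returns 0 if FILE (a /etc/letsencrypt/renewal/<domain>.conf) contains a
# renew_hook or deploy_hook line that mentions nginx, 1 otherwise.
# Note: Certbot only honours the hook inside the [renewalparams] section;
# this grep does not check section placement, only that the line exists.
has_reload_hook() {
    grep -Eq '^[[:space:]]*(renew_hook|deploy_hook)[[:space:]]*=.*nginx' "$1"
}

# confs_missing_hook [DIR]
# Prints the domain name of every renewal config in DIR that lacks an
# nginx reload hook (one per line). DIR defaults to Certbot's renewal dir.
confs_missing_hook() {
    dir=${1:-/etc/letsencrypt/renewal}
    for f in "$dir"/*.conf; do
        [ -e "$f" ] || continue
        has_reload_hook "$f" || basename "$f" .conf
    done
}

# cert_fingerprint_from_file PEMFILE
# Prints the SHA-256 fingerprint of the first certificate in PEMFILE.
cert_fingerprint_from_file() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | sed 's/^.*=//'
}

# cert_fingerprint_from_server HOST [PORT]
# Prints the SHA-256 fingerprint of the leaf certificate HOST serves.
# Empty stdin makes s_client close right after the handshake.
cert_fingerprint_from_server() {
    host=$1
    port=${2:-443}
    printf '' | openssl s_client -connect "$host:$port" -servername "$host" 2>/dev/null \
        | openssl x509 -noout -fingerprint -sha256 | sed 's/^.*=//'
}

# served_cert_is_current DOMAIN
# Returns 0 if the certificate nginx serves for DOMAIN matches the one
# Certbot last wrote to live/DOMAIN/fullchain.pem (i.e. nginx was reloaded).
served_cert_is_current() {
    domain=$1
    disk=$(cert_fingerprint_from_file "/etc/letsencrypt/live/$domain/fullchain.pem")
    served=$(cert_fingerprint_from_server "$domain")
    [ -n "$disk" ] && [ "$disk" = "$served" ]
}

# renewal_dry_run
# Exercises the whole renewal path against the Let's Encrypt staging
# environment without touching the real certificates.
renewal_dry_run() {
    certbot renew --dry-run
}

# check_domain DOMAIN: run both checks for one domain and report.
check_domain() {
    domain=$1
    conf="/etc/letsencrypt/renewal/$domain.conf"
    if has_reload_hook "$conf"; then
        echo "ok:   $conf reloads nginx on renewal"
    else
        echo "warn: $conf has no nginx reload hook (renewals will not be served)"
    fi
    if served_cert_is_current "$domain"; then
        echo "ok:   nginx serves the certificate in live/$domain"
    else
        echo "warn: served certificate differs from live/$domain (reload nginx?)"
    fi
}

# With a domain argument, check that domain; with none, do nothing so the
# file can also be sourced for its functions.
case "${1:-}" in
    "") ;;
    *) check_domain "$1" ;;
esac
```

Run it as `sh check-renewal.sh typo3demosite.com` after the `certbot --nginx` step, and again after the first automated renewal; a "warn" on the second check is exactly the symptom the note above describes (a fresh certificate on disk that nginx never loaded). `confs_missing_hook` with no argument audits all domains on the host at once, which is the useful check when some certificates were issued with `certbot certonly` and others with `--nginx`.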