Let's install the command line client somewhere useful and setup some directories
git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
mkdir /etc/letsencrypt/configs
touch /var/log/letsencrypt.log
We'll create some files as needed for each of the groups of domains we wish to renew, at /etc/letsencrypt/configs
,
and use letsencrypt-example.ini
as a template for it. Finally, we should add renew-letsencrypt.sh
to our crontab
crontab -e
# @monthly /path/to/renew-letsencrypt.sh 2>&1 >> /var/log/letsencrypt.conf
We'll have to configure each non-https server
to serve the challenge responses by doing something like this:
server {
listen 80;
server_name www.domain.tld domain.tld;
# Serve the challenge responses
location /.well-known/acme-challenge {
root /var/www/letsencrypt;
}
# Redirect to https otherwise
location / {
return 301 https://domain.tld$request_uri;
}
}