Whatbox Logo

Wiki > Certbot (Let's Encrypt) SSL Certificates

Certbot (formerly known as Let's Encrypt) can be used to obtain free TLS certificates to encrypt connections to any website you own. This guide assumes that you already own a fully qualified domain name with a DNS record pointing to the IP address of your Whatbox slot.

Prerequisites

Because Certbot exists as a python pip package, it can be easily installed into an existing virtualenv. After setting up a basic virtualenv and nginx installation, Certbot can be installed as follows.

Certbot Installation

  • Access Virtualenv
source ~/virtualenv3/bin/activate
  • Install certbot and its dependencies:
pip install certbot
pip install pip -U
pip install virtualenv -U
pip install zope.interface -U
pip install certbot -U
  • Create certificate/work/configuration directories
mkdir -p ~/.certbot
mkdir -p ~/.certbot/work
mkdir -p ~/.certbot/logs

Usage Notes

  • Certbot is now functional, but it defaults to using directories only the root user can access. To fix this, run the following:
echo 'alias certbot="certbot --config-dir=$HOME/.certbot --work-dir=$HOME/.certbot/work --logs-dir=$HOME/.certbot/logs"' >> ~/.bashrc
source ~/.bashrc
  • Now let's encrypt:
certbot certonly --manual --preferred-challenges dns
  • Follow the prompts and instructions. Note that it may take a while for the TXT record to propagate.
  • Upon successful verification, Certbot will indicate when the certificate will expire. To renew the certificate, activate the virtualenv and run certbot certonly --manual --preferred-challenges dns before the expiration date.

Also keep in mind that since your server is shared that your private key is not protected compared with the Certbot default installation on a private server. For further Certbot usage documentation, see Certbot's user guide.

  • After obtaining your certificate, configure your nginx instance to use the certificate and adjust your configuration accordingly.