Download and Install Let’s Encrypt

sudo git clone /opt/letsencrypt
cd /opt/letsencrypt

Create an SSL Certificate

cd /opt/letsencrypt

sudo -H ./letsencrypt-auto certonly --standalone -d -d

Renew SSL Certificates

cd /opt/letsencrypt
sudo -H ./letsencrypt-auto certonly --standalone --renew-by-default -d -d

UPDATE (06/04/2019):

To prevent new certificates (like *-0001, *-0002) from being created on running the renew command, add a `--cert-name <domain name>` entry to force certbot to overwrite existing certificate instead of creating a new one.

sudo -H ./letsencrypt-auto certonly --standalone --renew-by-default --cert-name -d -d

 UPDATE (04/05/2020):

Install and configure certbot certificate with nginx configuration:

sudo certbot --nginx -d -d

Automatically Renew SSL Certificates (Optional)

echo '@monthly root /opt/letsencrypt/letsencrypt-auto certonly --quiet --standalone --renew-by-default -d -d >> /var/log/letsencrypt/letsencrypt-auto-update.log' | sudo tee --append 
  •  @monthly: for simplicity, this command will execute at midnight on the first day of every month
  • root: run the command as the root user
  • /opt/letsencrypt/letsencrypt-auto certonly –quiet –standalone –renew-by-default -d -d letsencrypt-auto renewal command. Again, add -d for each domain name you need to renew
  • » /var/log/letsencrypt/letsencrypt-auto-update.log: record the standard output and standard error to a log file named letsencrypt-auto-update.log
  • tee –append /etc/crontab: save the new cron job to the /etc/crontab file

Update Let’s Encrypt

cd /opt/letsencrypt
sudo git pull

Automatically Update Let’s Encrypt (Optional):

echo '@weekly root cd /opt/letsencrypt && git pull >> /var/log/letsencrypt/letsencrypt-auto-update.log' | 
sudo tee --append /etc/crontab

If it doesn't work, stop the nginx server and then try the renewal command.

Check Expiration dates:

sudo openssl x509 -dates -noout < /etc/letsencrypt/live/<DOMAIN NAME HERE>/cert.pem


For Nginx server block config: