Lets Encrypt (aka certbot)... is easy!

A quick guide/howtos to get SSL through Let’s Encrypt/certbot up and running and how to config for different HTTP servers.

Create Cert bundle

certbot certonly --webroot -w {your root path} -d {your www domain} -d {your non-www domain}

Attach to HTTP servers

Nginx

Add to SSL base config into site config (taken from github)

listen 443 ssl;

ssl_session_cache shared:le_nginx_SSL:10m;
ssl_session_timeout 1440m;
ssl_session_tickets off;

ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers off;

ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";

Add your generated certs from certbot:

ssl_certificate /etc/letsencrypt/live/{your domain}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{your domain}/privkey.pem;

Lighttpd

Combine the pub and priv key into a pem file, :

cat /etc/letsencrypt/live/{your domain}/cert.pem /etc/letsencrypt/live/{your domain}/privkey.pem > /etc/letsencrypt/live/{your domain}/web.pem

Then attach the chain/pem file like

ssl.pemfile = "/etc/letsencrypt/live/{your domain}/web.pem" # Combined Certificate
ssl.ca-file = "/etc/letsencrypt/live/{your domain}/chain.pem" # Root CA

Create Cert bundle#

Attach to HTTP servers#

Nginx#

Lighttpd#

Create Cert bundle

Attach to HTTP servers

Nginx

Lighttpd