Installing and Issuing Let's Encrypt Certificates

Install certbot for Let's Encrypt

Certbot can automatically fetch Let's Encrypt certificates for us. Before we do that, I found that I needed to make sure the Ubuntu Universe repository was active on Ubuntu 18.04.

The easiest way I found is a simple apt command.

sudo apt-add-repository universe

Now we can install certbot. First, bring the system up to date.

sudo apt update && sudo apt -y dist-upgrade && sudo apt autoremove

If you noticed a new kernel was installed, go ahead and reboot before continuing. Then, after the reboot, install certbot with the following command.

sudo apt install certbot

Pull down a certificate

We can use the DNS challenge for validation, which I have found is the simplest way to verify domain ownership when issuing certs.

sudo certbot -d myhost.domain.com --manual --preferred-challenges dns certonly

During the setup you will be asked to provide an email address and to allow your email for public use, which you can decline. Then you need to agree to your IP address being logged.

You will be presented with a record name to add at your DNS provider (the _acme-challenge subdomain of your host), and a TXT value to set for that record.

After setting this in your DNS, you can use dig txt _acme-challenge.<my fqdn example.com> to verify the record has propagated. Once it has propagated, you can tell certbot to continue and validate the entry.
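The propagation check described above can be scripted so that certbot is only told to continue once every resolver serves the new value. This is an added example, not part of the original post; the function names, the resolver addresses and the retry defaults are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: wait until the ACME DNS-01 TXT record is visible before
# telling certbot to continue. All names and defaults are assumptions.

# lookup_txt NAME RESOLVER: print one TXT value per line, as dig +short
# does (each value wrapped in double quotes).
lookup_txt() {
    dig +short TXT "$1" "@$2"
}

# txt_present NAME EXPECTED RESOLVER: succeed if EXPECTED is among the TXT
# values. Quotes are stripped; the exact whole-line match (-x) avoids
# accepting a stale token that merely shares a prefix with the new one.
txt_present() {
    lookup_txt "$1" "$3" | tr -d '"' | grep -Fxq -- "$2"
}

# wait_for_txt FQDN EXPECTED [RESOLVERS] [TRIES] [DELAY_SECONDS]
# Polls _acme-challenge.FQDN on every resolver. Returns 0 only when all of
# them serve EXPECTED, 1 if TRIES attempts pass without that happening.
wait_for_txt() {
    name="_acme-challenge.$1"
    expected=$2
    resolvers=${3:-"1.1.1.1 8.8.8.8"}
    tries=${4:-20}
    delay=${5:-30}
    attempt=1
    while [ "$attempt" -le "$tries" ]; do
        missing=""
        for r in $resolvers; do
            txt_present "$name" "$expected" "$r" || missing="$missing $r"
        done
        if [ -z "$missing" ]; then
            echo "$name visible on all resolvers after $attempt attempt(s)"
            return 0
        fi
        echo "attempt $attempt: not yet on:$missing" >&2
        attempt=$((attempt + 1))
        [ "$attempt" -le "$tries" ] && sleep "$delay"
    done
    return 1
}
```

Source the file and call wait_for_txt myhost.domain.com "<TXT value shown by certbot>" in a second terminal while certbot is waiting at its prompt.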

Once that succeeds your new certificates will be present in /etc/letsencrypt/live/myhost.domain.com

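And that's it. Copy the fullchain.pem and privkey.pem to your reverse proxy, configure your proxy to use these certs and your public site should be accessible and SSL validated when visited. privkey.pem is the private key, so keep the copy readable only by root or by the account the proxy runs as.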

Renewing the certificate

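We can use crontab to renew the certificate, which needs replacing every 3 months. The entry below runs at 03:00 on the 1st of each month, and with --keep-until-expiring certbot only requests a new certificate when the current one is close to expiry. We email the output to ourselves so we know whether it worked or failed. Because the certificate was issued with --manual, an unattended run can only complete the DNS challenge if certbot is also given a --manual-auth-hook script that creates the TXT record; without one the mail will report the failure and the certificate has to be renewed by hand with the command from the previous section.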

sudo crontab -e

Add something similar to this entry

0 3 1 * * certbot certonly --keep-until-expiring -d myhost.domain.com 2>&1 | mail -s "Let's Encrypt Renewal" -a "From: myhost.domain.com <no-reply@email.com>" myemail@email.com