Let's Encrypt
Disable Certbot login
Add SSL/TLS group to system (acme)
sudo useradd cerbot
sudo groupadd -U certbot acme
sudo groupmems -g acme -a nginx
Create directories and setup right for non root configuration
sudo mkdir -m 0740 /etc/letsencrypt/ /var/log/letsencrypt/ /var/lib/letsencrypt/
sudo chown -R certbot:acme /etc/letsencrypt/ /var/log/letsencrypt/ /var/lib/letsencrypt/
Run commands as certbot
- 3.1. Create/Activate virtual env
- 3.2. install certbot
- 3.3 run certbot
sudo su -s /bin/fish certbot
Various Commands
certbot certonly -n --agree-tos --email foo@gmail.com --expand --webroot -d blog.foo.dev -d foo.dev
sudo chown root:acme /etc/nginx/nginx.conf
sudo chown root:acme /var/log/nginx/error.log
certbot certonly -n --agree-tos --email foo@gmail.com --webroot -w /usr/share/nginx/html -d foo.dev -d blog.foo.dev