I have written some tutorials about Let’s Encrypt configuration and a lot of Q&A about Let’s Encrypt here. But all of those are still missing one important thing: how to configure and renew Let’s Encrypt on Nginx/Apache using VirtualHost with more than one domain.
The problem is: certbot is NOT intelligent enough to automatically configure new SSL certificates for a web server with multi-domain virtual hosts. That leaves your virtualhost configuration messy.
Here’s the proper way to make it work:
Step 1: Generate Let’s Encrypt SSL and do verification automatically
First, issue this command to generate/regenerate the SSL certificate without configuring the web server automatically.
certbot certonly -d loitools.com --webroot -w /var/loitools/location
For multiple domains in one command:
certbot certonly --webroot -w /var/loitools/location -d loitools.com -w /var/config9/local -d config9.com
Certbot command parameters explanation:
- certonly: generate the certificate only and do not automatically configure the web server
- --webroot: do verification by placing files in the web root dir
- -w: web root dir path; when you pass more than one, each -w must come before the -d domains it applies to
- -d: domain name
You can also use a shorter command, but then certbot will ask you for the options and you have to enter them manually (you shouldn’t choose this way):
certbot -d loitools.com certonly
The output will look like this:
How would you like to authenticate with the ACME CA?
1: Apache Web Server plugin (apache)
2: Spin up a temporary webserver (standalone)
3: Place files in webroot directory (webroot)
Select the appropriate number [1-3] then [enter] (press 'c' to cancel):
Select option 3 and enter your HTML root path.
Certbot will do the verification automatically and show you success notes like this:
Waiting for verification…
Cleaning up challenges
IMPORTANT NOTES:
Congratulations! Your certificate and chain have been saved at: ...
Step 2: Configure your virtualhost for a newly generated certificate, or just restart the webserver for a renewal
Now that you have your pem files at a known location, just reference them in your virtualhost configuration and restart the webserver.
systemctl restart nginx
Do it with all of your domains every 3 months.
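When the list of sites grows, the Step 1 command can be generated instead of typed by hand. This is an added example, not code from the original post: it groups domains by web root so that every -w precedes the -d names it serves, and rejects names that would be read as extra certbot options. The SITES mapping, www.loitools.com and the function names are assumptions made for illustration.

```python
#!/usr/bin/env python3
"""Build the `certbot certonly --webroot` command for several vhosts."""
import re
import shlex
from pathlib import PurePosixPath

# Constructed sample mapping (domain -> web root); www.loitools.com is an
# assumed extra name sharing the first site's web root.
SITES = {
    "loitools.com": "/var/loitools/location",
    "www.loitools.com": "/var/loitools/location",
    "config9.com": "/var/config9/local",
}

# One DNS label: letters, digits, hyphens, no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def valid_domain(name):
    """True for a plain multi-label hostname (so it can never look like a flag)."""
    labels = name.lower().split(".")
    return (len(name) <= 253 and len(labels) >= 2
            and all(_LABEL.fullmatch(label) for label in labels))


def certonly_argv(sites):
    """Return argv with each -w placed before the -d names it applies to."""
    by_root = {}
    for domain, root in sites.items():
        if not valid_domain(domain):
            raise ValueError(f"refusing odd domain name: {domain!r}")
        path = PurePosixPath(root)
        if not path.is_absolute() or ".." in path.parts:
            raise ValueError(f"web root must be absolute, without '..': {root!r}")
        by_root.setdefault(str(path), []).append(domain.lower())
    argv = ["certbot", "certonly", "--webroot"]
    for root, domains in by_root.items():
        argv += ["-w", root]
        for domain in domains:
            argv += ["-d", domain]
    return argv


if __name__ == "__main__":
    # Print the command for review; run it yourself once it looks right.
    print(shlex.join(certonly_argv(SITES)))
```

All names passed in one command end up on a single certificate, so run it once per virtualhost if each should have its own pem files.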