How to renew Let’s Encrypt SSL on Nginx/Apache with VirtualHost for many domains


I had some tutorials about Let’s Encrypt configuration and a lot of Q&A about Let’s Encrypt at HERE. But all of those still missing one important thing: How to configure and renew Let’s Encrypt on Nginx/Apache using VirtualHost with more than one domain.

The problem is: certbot is NOT intelligent enough to auto configure new SSL for multi domain virtualhost webserver. That leads to your virtualhost configuration becomes messy.

Here’s proper way to make it works:

Step 1: Generate Let’s Encrypt SSL and do verification automatically

First, issue this command to generate/regenerate the SSL but not configure automatically.

certbot  certonly -d --webroot -w /var/loitools/location 

For multiple domains in one command:

certbot  certonly  --webroot -d -w /var/loitools/location -d  -w /var/config9/local 

Certbot command parameters explanation:

  • certonly: generate cert only and not automatically configure to webserver
  • –webroot: do verification by placing files in web root dir
  • -w: web root dir path
  • -d: domain name

You can also choose a shorter command but then certbot will ask your options and you have to enter manually (you shouldn’t choose this way)

certbot -d certonly

The output will be like this

How would you like to authenticate with the ACME CA?
 1: Apache Web Server plugin (apache)
 2: Spin up a temporary webserver (standalone)
 3: Place files in webroot directory (webroot)
 Select the appropriate number [1-3] then [enter] (press 'c' to cancel):

Selecr option 3 and enter your HTML root path.

Certbot will do verification automatically and show you successful notes like this.

Waiting for verification…
 Cleaning up challenges
 Congratulations! Your certificate and chain have been saved at: ...

Step 2: Configure your virtualhost for newly generate or just restart webserver for renew

Now you have your pem files at a known location, just configure them with your virtualhost configuration and restart webserver.

systecmtl restart nginx

Do it with all of your domains every 3 months.