How to renew Let’s Encrypt SSL on Nginx/Apache with VirtualHost for many domains

I have written several tutorials about Let’s Encrypt configuration and a lot of Q&A about Let’s Encrypt HERE. But all of those are still missing one important thing: how to configure and renew Let’s Encrypt on Nginx/Apache using VirtualHost with more than one domain.

The problem is that certbot is NOT intelligent enough to automatically configure new SSL certificates for a multi-domain virtualhost web server, which leaves your virtualhost configuration messy.

Here’s the proper way to make it work:

Step 1: Generate Let’s Encrypt SSL and do verification automatically

First, issue this command to generate/regenerate the SSL certificate without configuring the web server automatically.

certbot certonly -d loitools.com --webroot -w /var/loitools/location

For multiple domains in one command (each -w must come before the -d it applies to):

certbot certonly --webroot -w /var/loitools/location -d loitools.com -w /var/config9/local -d config9.com

Certbot command parameters explanation:

  • certonly: generate the cert only and do not automatically configure the webserver
  • --webroot: do verification by placing files in web root dir
  • -w: web root dir path
  • -d: domain name

You can also use a shorter command, but then certbot will prompt for options that you have to enter manually (you shouldn’t choose this way):

certbot -d loitools.com certonly

The output will look like this:

How would you like to authenticate with the ACME CA?
 
 1: Apache Web Server plugin (apache)
 2: Spin up a temporary webserver (standalone)
 3: Place files in webroot directory (webroot)
 
 Select the appropriate number [1-3] then [enter] (press 'c' to cancel):

Select option 3 and enter your HTML root path.

Certbot will do the verification automatically and show a success note like this:

Waiting for verification…
 Cleaning up challenges
 IMPORTANT NOTES:
 Congratulations! Your certificate and chain have been saved at: ...

Step 2: Configure your virtualhost for a newly generated certificate, or just restart the webserver for a renewal

Now that you have your pem files at a known location, just reference them in your virtualhost configuration and restart the webserver.

systemctl restart nginx

Do this for all of your domains every 3 months.
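
The two steps above can be scripted so that every domain is handled in one run. This is an added example, not part of the original tutorial: the script name renew.sh, the certificate directory /etc/letsencrypt/live (certbot's default) and the 30-day renewal window are assumptions. It goes one step further than the manual procedure by checking the web server configuration with nginx -t before reloading.

```shell
#!/bin/sh
# Added example (not from the original post): renew every virtualhost domain in one run.
# One "domain=webroot" pair per line; the values are the ones used in the commands above.
# Paths must not contain spaces, because the list is split on whitespace.
SITES="loitools.com=/var/loitools/location
config9.com=/var/config9/local"
LIVE_DIR="${LIVE_DIR:-/etc/letsencrypt/live}"  # certbot's default cert directory (assumption)
RENEW_WINDOW=2592000                           # renew when under 30 days remain (assumption)

# With DRY_RUN=1 (the default) commands are printed instead of executed.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi
}

# Succeeds (0) when the domain's certificate is missing or expires inside the window.
needs_renewal() {
    cert="$LIVE_DIR/$1/fullchain.pem"
    [ -f "$cert" ] || return 0
    ! openssl x509 -in "$cert" -noout -checkend "$RENEW_WINDOW" >/dev/null 2>&1
}

# Step 1 for each domain that needs it, then Step 2 once at the end.
renew_all() {
    renewed=0
    for entry in $SITES; do
        domain="${entry%%=*}"
        webroot="${entry#*=}"
        if needs_renewal "$domain"; then
            run certbot certonly --non-interactive --webroot \
                -w "$webroot" -d "$domain" || return 1
            renewed=1
        fi
    done
    # Reload only if a certificate changed and the configuration still parses.
    if [ "$renewed" -eq 1 ]; then
        run nginx -t && run systemctl reload nginx
    fi
}

# Run for real with: DRY_RUN=0 sh renew.sh --run
if [ "${1:-}" = "--run" ]; then renew_all; fi
```

Run it once with the default DRY_RUN=1 to review the commands it would issue before scheduling it from cron.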