Quick Start

Important Notes:

  • Using Digital Ocean droplet 5$/month tier
  • CentOS 7
  • Apache (I am assuming this is already installed and running)
  • May need sudo in front of these commands if you created a non-root user
  1. Install EPEL (Project Site):
      wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm # may need `yum install wget`
      yum install epel-release-latest-7.noarch.rpm
  2. Install certbot (Project Site for CentOS/Apache):
      yum install python-certbot-apache
      certbot --apache # follow prompts, I force SSL
  3. Auto-renewal (because we are lazy, modified slightly from Arch Wiki Let’s Encrypt):
    • The one-shot service which runs the renewal /etc/systemd/system/certbot.service:

        Description=Let's Encrypt renewal
        ExecStart=/usr/bin/certbot renew --quiet --agree-tos
    • The certbot.service will check for an expired certificate and install a new one only if necessary. Certbot recommends that you check twice a day with a random 60 minute delay, we do that with /etc/systemd/system/certbot.timer:

        Description=Daily renewal of Let's Encrypt's certificates
    • Enable and start the timer:

        systemctl enable certbot.timer
        systemctl start certbot.timer
  4. Shortly after posting this I noticed that URLs which don’t exist yield an SSL error. I had to correct the vhost in /etc/httpd/conf.d/le-redirect-www.chiroptical.com\:443.conf. Just change the line: ServerAlias www.chiroptical.com to ServerAlias www.chiroptical.com chiroptical.com (obviously using your site name). This may have been because I already set this up previously using the non-certbot version of letsencrypt, but I don’t remember where I did that.

Congratulations on your automatically renewed and free SSL certificates :)