After purchasing SSL certs for many years for my personal project websites, I recently switched to creating free Let’s Encrypt certs using CertBot instead.
To install with python and pip on Debian based Linux, for nginx (from here):
Install deps and install:
sudo apt install python3 python3-dev python3-venv libaugeas-dev gcc sudo python3 -m venv /opt/certbot/ sudo /opt/certbot/bin/pip install --upgrade pip sudo /opt/certbot/bin/pip install certbot certbot-nginx sudo ln -s /opt/certbot/bin/certbot /usr/local/bin/certbot
To generate certificate and renew manually (same command):
sudo certbot certonly -v --reinstall --webroot --webroot-path=/var/www/html/ --email your@email --agree-tos --no-eff-email -d your.domain.name
To view current status of your certificates:
certbot certificates
For websites not on the public internet where the validation step can’t use the webserver to host a validation file, certbot also can validate using a DNS record with a generated value – follow the prompts to use this approach:
certbot certonly --manual --preferred-challenges dns -d your.domain.name