Skip to content. | Skip to navigation

Personal tools
This is Lite Plone Theme

SSL Certificate

This page describes setting up an SSL Certificate on nginx

SSL Certificate request and installation

Usually certificate requesting and installation can be a cumbersome task, but a new initiative by ISRG has made this very easy:

  • Download the tool on the server:
    $ git clone
  • Stop nginx, so that the tool can utilize port 80/443
  • Run the tool like this, if the server is sc40:
    $ ./letsencrypt-auto certonly --standalone -d
  • (OR root@sc37:/home/sctp/letsencrypt$ letsencrypt-auto renew)
  • Verify that the nginx config-file, /etc/nginx/sites-enabled/default, references the new generated keys:
    ssl_certificate     /etc/letsencrypt/archive/*.pem;
    ssl_certificate_key /etc/letsencrypt/archive/*.pem;

SSL Certificate update by cron

Is one of the few things done by cron of root by means of a script /root/bin/ on both sc37 and sc40. This is processed weekly and renews certificates which expires within 14 days.