Adoni Pavlakis
Apr 1, 2017 · 3 min read

Using to generate LetsEncrypt certificates


I have been using LetsEncrypt since it came out. It’s great to have the ability to create free SSL certificates and, more importantly, not have to worry about renewing them.

A couple of months ago I ran into some issues where LetsEncrypt (and later certbot) would fail as they were missing some dependencies. That in turn would sometimes cause some of my services to shut down, which became an issue.

Primarily it had to do with the OS I was using at the time: CentOS 6.5.

It also made it difficult to generate certificates using DNS challenge — I suppose due to an older version I was running.

Twitter to the rescue. I got pointed to

Getting started with is a Shell implementation for generating LetsEncrypt certificates. It doesn’t matter what OS you’re using and also works great with DNS challenge!

You can install using git, wget or curl, e.g.

curl | sh

This will copy to your home dir, create an alias and set up a monthly cron job. To use, restart your terminal or use source, e.g.

source ~/.bashrc

Depending on the privileges of the account you’ve used, it may be easier to move the cron to the su account, e.g. sudo crontab -e

To see the cron, run:

crontab -e

You can use to see what the crontab time frequency has been set to.

Using DNS Challenge with

Run the following command to specify the domain: --issue --dns -d

The above command will generate an authentication token for that domain and will ask you to create a TXT record under the “_acme-challenge” subdomain for your domain. In this example that would be: “

The information for that domain will be saved in a configuration file in your home dir. e.g. “~/

We can use dig to find out when the value has been updated in the DNS (you need to add the record manually in your DNS management control panel).

dig -t txt

Once the TXT record has propagated, we can then generate the first certificate: --renew -d
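The dig check above can be scripted so that the renew step only runs once the TXT record is actually visible. This is an added example, not part of the original post or of the tool's own code; example.com, the token value, the resolver argument and the function names are constructed placeholders.

```shell
#!/bin/sh
# Added example: wait until the _acme-challenge TXT record is visible.
# Domain, token and resolver values passed in are the caller's; the names
# used in the usage line at the bottom are constructed placeholders.

# Succeeds when one TXT value at _acme-challenge.<domain> equals the token.
# Optional third argument: a resolver to query instead of the default one.
txt_record_matches() {
    domain=$1
    expected=$2
    resolver=${3:-}
    # dig +short prints each TXT value on its own line, in double quotes.
    if [ -n "$resolver" ]; then
        answers=$(dig +short -t txt "_acme-challenge.$domain" "@$resolver")
    else
        answers=$(dig +short -t txt "_acme-challenge.$domain")
    fi
    # -x whole-line and -F fixed-string: a token that is only a substring
    # of some other record must not count as a match.
    printf '%s\n' "$answers" | grep -qxF "\"$expected\""
}

# Polls until the record matches or the attempts run out.
# usage: wait_for_txt <domain> <token> [attempts] [delay_seconds] [resolver]
wait_for_txt() {
    domain=$1
    expected=$2
    attempts=${3:-30}
    delay=${4:-20}
    resolver=${5:-}
    i=1
    while [ "$i" -le "$attempts" ]; do
        if txt_record_matches "$domain" "$expected" "$resolver"; then
            echo "TXT record visible after $i attempt(s)"
            return 0
        fi
        [ "$i" -lt "$attempts" ] && sleep "$delay"
        i=$((i + 1))
    done
    echo "TXT record for _acme-challenge.$domain not visible yet" >&2
    return 1
}

# Example call (placeholders): wait_for_txt example.com "TOKEN-FROM-ISSUE-STEP"
```

Passing one of the domain's authoritative nameservers as the resolver argument avoids a stale negative answer cached by a local resolver.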

Now all the certificates have been issued and stored in your home dir, under “~/” in a folder with the name of your domain.

To install the issued certificates, recommends using the following command to copy the certificates to the required location. This is so that the process can be automated without depending on any existing file structure within the “~/” directory.

Install issued certificates

For more info see:

For nginx and for the above example we’ve used the following:

(1) Create the directory where you want the certificates to be copied to. e.g.

sudo mkdir -p /etc/ssl/

(2) Move the certificates to their corresponding paths:

sudo /home/phpminds-user/ --install-cert -d \
--keypath /etc/ssl/ \
--fullchainpath /etc/ssl/ \
--reloadcmd "service nginx force-reload"

Here I’ve used sudo as I want to be able to restart the nginx server.

See the official documentation for use with apache.

Updating nginx

The last step is to point the nginx configuration for our domain to the certificates we have created under “/etc/ssl”.


ssl_certificate /etc/ssl/;
ssl_certificate_key /etc/ssl/;

Restart the web server, and you’re done.
