2023-02-27 11:46:42 +01:00
# Let's Encrypt certificates without exposing ports 80 and 443, through a DNS record
## Instructions on the server (over SSH)
Replace yourdomain.org with your actual domain.
- sudo -s
- apt install -y certbot
- certbot --manual --preferred-challenges dns certonly --elliptic-curve secp384r1 -d yourdomain.org
Follow the console instructions and create the TXT record (name _acme-challenge.yourdomain.org, value as printed by certbot) at GoDaddy or whatever DNS provider you use.
Wait until the record is publicly visible, then hit enter.
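Pressing enter before the TXT record has propagated makes the challenge fail. The script below is an added example, not part of this repository: it polls a public resolver (1.1.1.1 is an assumption; override with RESOLVER) for the _acme-challenge TXT record until it carries the value certbot printed, and only then reports success.

```shell
#!/bin/sh
# Poll DNS until _acme-challenge.<domain> TXT carries the value certbot printed.
# Usage: ./wait_txt.sh yourdomain.org <validation-string-from-certbot> [tries]
# Requires dig (dnsutils). Resolver is an assumption; override via RESOLVER env var.

RESOLVER=${RESOLVER:-1.1.1.1}

# Return 0 if the dig output in $1 contains exactly the expected value $2.
# Quotes around TXT strings are stripped; -x requires a whole-line match so a
# stale or partial token is not mistaken for the current one.
txt_contains() {
    printf '%s\n' "$1" | tr -d '"' | grep -Fqx -- "$2"
}

# Query the TXT record of _acme-challenge.<domain> at the chosen resolver.
lookup_txt() {
    dig +short @"$RESOLVER" TXT "_acme-challenge.$1"
}

# Retry the lookup every 10 s, up to $3 tries (default 30, i.e. about 5 minutes).
wait_for_txt() {
    domain=$1
    expected=$2
    tries=${3:-30}
    i=0
    while [ "$i" -lt "$tries" ]; do
        if txt_contains "$(lookup_txt "$domain")" "$expected"; then
            echo "TXT record for _acme-challenge.$domain is live; safe to hit enter in certbot"
            return 0
        fi
        i=$((i + 1))
        sleep 10
    done
    echo "TXT record for _acme-challenge.$domain not visible after $tries tries" >&2
    return 1
}

# Run only when invoked with arguments, so the functions can also be sourced.
if [ "$#" -ge 2 ]; then
    wait_for_txt "$1" "$2" "$3"
fi
```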
## Certificates are stored here
- Certificate is saved at: /etc/letsencrypt/live/yourdomain.org/fullchain.pem
- Key is saved at: /etc/letsencrypt/live/yourdomain.org/privkey.pem
## Cert paths
- CERT: /etc/letsencrypt/live/yourdomain.org/cert.pem
- CHAIN: /etc/letsencrypt/live/yourdomain.org/chain.pem
- FULLCHAIN: /etc/letsencrypt/live/yourdomain.org/fullchain.pem
- PRIVKEY: /etc/letsencrypt/live/yourdomain.org/privkey.pem
## Add a cron job for the renewal process and restart Nginx
- crontab -e
- #@weekly /usr/bin/certbot renew > /dev/null 2>&1
- @weekly /usr/bin/certbot renew --renew-hook 'systemctl restart nginx.service' > /dev/null 2>&1
## Adjust the renewal procedure - only needed once
- nano /etc/letsencrypt/renewal/yourdomain.org.conf
- authenticator = standalone
Note that the standalone authenticator answers HTTP-01 challenges itself by binding port 80, so that port must be reachable from the internet at renewal time; the interactive manual DNS flow used above cannot renew unattended unless a DNS plugin or a manual auth hook supplies the TXT record.
## Start the timer and verify its status to ensure it's running
- systemctl enable certbot.timer
- systemctl restart certbot.timer
- systemctl status certbot.timer
## Logs
- /var/log/letsencrypt/letsencrypt.log
## Delete old certificates if not needed anymore
- certbot delete
## Close ufw ports
You can remove port 80; port 443 is usually needed anyway, e.g. for Nextcloud or whatever else you run.