Inital bumper

README.md

@@ -1,3 +1,58 @@
-# LetsEncryptCertificate
+# Let’s Encrypt certificates without exposing port 80 and 443 trough DNS record
 
-Create  Let's Encrypt certificate without exposing port 80 and 443 for renewal process.
+
+## Instructions on SSH end
+
+Replace yourdomain.org with your actual domain.
+
+- sudo -s
+- apt install -y certbot
+- certbot --manual --preferred-challenges dns certonly --elliptic-curve secp384r1 -d yourdomain.org
+
+
+
+Follow the console instruction and give GoDaddy or whatever you use your TXT record with the provided data.
+
+
+Hit enter.
+
+
+## Certificates are stored here
+- Certificate is saved at: /etc/letsencrypt/live/yourdomain.org/fullchain.pem
+- Key is saved at: /etc/letsencrypt/live/yourdomain.org/privkey.pem
+
+
+## Cert paths
+- CERT:  /etc/letsencrypt/live/yourdomain.org//cert.pem
+- CHAIN: /etc/letsencrypt/live/yourdomain.org//chain.pem
+- FULLCHAIN: /etc/letsencrypt/live/yourdomain.org//fullchain.pem
+- PRIVKey: /etc/letsencrypt/live/yourdomain.org//privkey.pem
+
+
+## Add cron job for reneww process and restart Nginx
+- crontab -e
+- #@weekly /usr/bin/certbot renew > /dev/null 2>&1
+- @weekly /usr/bin/certbot renew --renew-hook 'systemctl restart nginx.service' > /dev/null 2>&1
+
+
+## Adjust Renewable procedure - only one single time needed
+- nano /etc/letsencrypt/renewal/yourdomain.org.conf
+- authenticator = standalone
+
+
+## Start timers and verify the status to ensure its running
+- systemctl enable certbot.timer
+- systemctl restart certbot.timer
+- systemctl status certbot.timer
+
+
+## Logs
+- /var/log/letsencrypt/letsencrypt.log
+
+
+## Delete old certificates if not needed anymore
+- certbot delete
+
+
+## Close ufw ports
+You can remove Port 80, 443 is usually needed anyway for e.g. Nextcloud or whatever you use.