SSL certificates can cost anywhere from $12-$100s of dollars a year, and since you can now get them for free I don’t see a great reason to buy them.
In this guide I’m going to be assuming that you have your own web server setup that you can configure to look in an arbitrary directory for SSL certs / keys. I’m also going to be assuming you’ve purchased a domain name and added an A record (or similar) pointing at your ip.
We’re going to setup automatically renewing SSL certificates with LEGO (let’s encrypto Go) a cli to get certs, and cron to automatically run LEGO.
I’m going to be doing this on a basic aws linux instance running Amazon Linux V2, which uses the yum package manager. Things should be fairly similar running Ubuntu/Debian.
Step 1 - Install the lego binary
Pick your os and architecture and copy the link from this page: https://github.com/go-acme/lego/releases Then download it, untar it, and move it to your directory of binaries.
Step 2 - Setup folders and renewal script
Next head to wherever you want your certs installed, for me that’ll be
You’ll need to fill in your email and domain. You can add as many
--domains='something.com' as you like. I just did the www subdomain and root. You’ll also need to change the call to service to whatever service manager you use to turn your webserver off and on (lego temporarily uses port 80 to get certificates so you need to free the port).
Step 3 - Make the script executable and run it from cron
crontab will open up an interactive window, in there add :
This will run the /etc/certs/renew.sh script once a month so they will not expire.
Finally run the same command once with run instead of renew at the end (manually) and you’re all set
And you’re all set. You should see two new folders:
accounts and certificates in