
Let’s Encrypt

Free SSL certificates. There is unfortunately no wildcard feature yet, but that is fine: just generate sub-domain certs as required.


apt-get install software-properties-common
add-apt-repository ppa:certbot/certbot
apt-get update
apt-get install certbot
#apt-get install python-certbot-apache
#apt-get install python-certbot-nginx

Requirements (Assuming NGINX)

For web vhosts, simply use the existing share and make sure .well-known/ will be accessible on port 80,

mkdir -p /data/www/$VHOST/.well-known/
echo "<p>ok" > /data/www/$VHOST/.well-known/check.html
# optionally, from a remote host,
curl -s http://$VHOST/.well-known/check.html
unset VHOST

For non web services e.g. an MX or IMAP, create a temporary web vhost on port 80,

mkdir -p /data/www/lets/
vi ~/conf.d/lets.conf

server {
        root /data/www/lets;
        access_log logs/lets.access.log compression;
        error_log  logs/lets.error.log warn;

        location / {
                try_files $uri $uri/ =404;
        }
}

/usr/local/nginx/sbin/nginx -s reload

mkdir -p /data/www/lets/.well-known/
echo "<p>ok" > /data/www/lets/.well-known/check.html
# optionally, from a remote host,
curl -s

Generating certs

certbot certonly -d FQDN

2: Place files in webroot directory (webroot)

1: Enter a new webroot

Input the webroot for (Enter 'c' to cancel): /data/www/lets

Optionally copy/paste the output to ~/CERTIFICATES as a reminder of the correct certificate paths.

Apply the certs e.g. for MX and IMAP,

vi /etc/postfix/


postfix stop
postfix stop
#ps auxw | grep master
/usr/sbin/postfix start

vi /etc/dovecot/conf.d/10-ssl.conf

ssl_cert = </etc/letsencrypt/live/
ssl_key = </etc/letsencrypt/live/

dovecot stop
dovecot stop
#ps auxw | grep dove


Display certificates,

certbot certificates


certbot revoke --cert-path path/to/cert...

Delete a certificate (interactive),

certbot delete

DO NOT attempt to renew all certs at once; this may trigger hooks that we do not want,

#certbot renew

Renew a specific domain with the same command as initially,

certbot certonly -d FQDN
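
To decide which domains need that per-domain renewal, the output of certbot certificates can be filtered by remaining validity. The script below is an added example, not part of the original page: the function names and the example.org sample are constructed, and it assumes each certificate name is the FQDN it was requested with.

```shell
#!/bin/sh
# Added example, not from the original page. Domains below are constructed.

# Constructed sample of `certbot certificates` output (only the fields used here).
sample_output() {
    cat <<'EOF'
Found the following certs:
  Certificate Name: www.example.org
    Domains: www.example.org
    Expiry Date: 2030-03-01 10:00:00+00:00 (VALID: 61 days)
    Certificate Path: /etc/letsencrypt/live/www.example.org/fullchain.pem
  Certificate Name: mx.example.org
    Domains: mx.example.org
    Expiry Date: 2030-01-11 10:00:00+00:00 (VALID: 12 days)
    Certificate Path: /etc/letsencrypt/live/mx.example.org/fullchain.pem
  Certificate Name: old.example.org
    Domains: old.example.org
    Expiry Date: 2029-12-01 10:00:00+00:00 (INVALID: EXPIRED)
    Certificate Path: /etc/letsencrypt/live/old.example.org/fullchain.pem
EOF
}

# certs_due DAYS: read `certbot certificates` output on stdin, print "name days"
# for every certificate with fewer than DAYS days left. Any status other than
# "VALID: N day(s)" (expired, hours left, ...) is reported as 0 days.
certs_due() {
    awk -v limit="$1" '
        /Certificate Name:/ { name = $3 }
        /Expiry Date:/ {
            days = 0
            if (match($0, /\(VALID: [0-9]+ day/)) {
                s = substr($0, RSTART, RLENGTH)
                gsub(/[^0-9]/, "", s)
                days = s + 0
            }
            if (days < limit) print name, days
        }'
}

# renew_plan DAYS: print one per-domain command for each certificate that is due.
# Assumption: the certificate name is the FQDN it was requested with.
renew_plan() {
    certs_due "$1" | while read -r name days; do
        echo "certbot certonly -d $name"
    done
}

# Demo on the constructed sample; on a real host: certbot certificates | renew_plan 30
sample_output | renew_plan 30
```

The script only prints the commands, so each renewal is still run by hand, one domain at a time.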


