Install the Certbot client

pkg install py27-certbot

Generate certificate

certbot certonly --webroot -w /usr/local/www/example -d

I’m using spring on http and nginx as proxy server for ssl layer. Here is the nginx config:

        server {
                listen 443;

                ssl on;
                ssl_certificate /usr/local/etc/letsencrypt/live/;
                ssl_certificate_key /usr/local/etc/letsencrypt/live/;
                ssl_session_cache shared:SSL:10m;

                location / {
                        proxy_pass http://localhost:8080;
                        proxy_set_header Host $host;
                location /.well-known {
                        alias /home/path-to-root/.well-known/;

        server {
                listen 80;
                return 301 https://$server_name$request_uri;

Open the renewal option of letsencrypt and make sure default values are set

# Options used in the renewal process
authenticator = webroot
installer = None
account = ...
webroot_path = /home/path-to-root,
domain = /home/path-to-root

Renew your certificates automatically before they expire. Since Let’s Encrypt certificates last for 90 days only Add to cron, with crontab -e command the following

0 4 * * * certbot -q renew --renew-hook "service nginx reload"