Install the Certbot client

        pkg install py27-certbot

Generate certificate

        certbot certonly --webroot -w /home/path-to-root -d example.com

I’m using Spring over HTTP, with nginx as a proxy server for the SSL layer. Here is the nginx config:

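        # TLS-terminating proxy in front of the Spring application
        server {
                listen 443 ssl;
                server_name example.com;

                # Certificate chain and private key issued by certbot
                ssl_certificate /usr/local/etc/letsencrypt/live/example.com/fullchain.pem;
                ssl_certificate_key /usr/local/etc/letsencrypt/live/example.com/privkey.pem;
                ssl_session_cache shared:SSL:10m;

                # Forward requests to the Spring application over plain HTTP
                location / {
                        proxy_pass http://localhost:8080;
                        proxy_set_header Host $host;
                }

                # Serve the challenge files that certbot writes into the webroot
                location /.well-known {
                        alias /home/path-to-root/.well-known/;
                }
        }

        # Redirect all plain-HTTP requests to HTTPS
        server {
                listen 80;
                server_name example.com;
                return 301 https://$server_name$request_uri;
        }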

Open the Let’s Encrypt renewal configuration for the domain and make sure the default values are set:

        # Options used in the renewal process
        [renewalparams]
        authenticator = webroot
        installer = None
        account = ...
        webroot_path = /home/path-to-root,
        [[webroot_map]]
        domain = /home/path-to-root
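
A preflight check for the two configurations above, added here as an example and not part of the original post: it confirms that the webroot recorded for renewal is the directory nginx serves /.well-known from, since a mismatch means the challenge cannot be answered at renewal time. The function names and the constructed sample files are assumptions; example.com stands in for the `domain` placeholder.

```shell
#!/bin/sh
# Preflight for webroot renewals: certbot must write challenge files into the
# directory that nginx serves /.well-known from.

# Print the webroot mapped to domain $2 in certbot renewal file $1.
renewal_webroot() {
    awk -F '[ \t]*=[ \t]*' -v d="$2" '
        /^\[\[webroot_map\]\]/ { in_map = 1; next }
        /^\[/                  { in_map = 0 }
        in_map && $1 == d      { print $2; exit }' "$1"
}

# Print the alias directory of the "location /.well-known" block in file $1.
nginx_wellknown_dir() {
    awk '
        $1 == "location" && $2 ~ /^\/\.well-known/ { in_loc = 1; next }
        in_loc && $1 == "alias" { sub(/;$/, "", $2); print $2; exit }
        in_loc && /}/           { in_loc = 0 }' "$1"
}

# usage: check_webroot RENEWAL_CONF NGINX_CONF DOMAIN
# returns 0 on match, 1 on mismatch, 2 when either setting is missing
check_webroot() {
    webroot=$(renewal_webroot "$1" "$3")
    served=$(nginx_wellknown_dir "$2")
    if [ -z "$webroot" ] || [ -z "$served" ]; then
        echo "cannot find webroot_map entry or /.well-known alias" >&2; return 2
    fi
    if [ "${webroot%/}/.well-known" = "${served%/}" ]; then
        echo "OK: $3 challenges are written to and served from ${served%/}"
    else
        echo "MISMATCH: certbot writes ${webroot%/}/.well-known, nginx serves $served" >&2
        return 1
    fi
}

# Constructed sample files mirroring the configs on this page.
demo=$(mktemp -d)
printf '%s\n' '[renewalparams]' 'authenticator = webroot' \
    'webroot_path = /home/path-to-root,' '[[webroot_map]]' \
    'example.com = /home/path-to-root' > "$demo/renewal.conf"
printf '%s\n' 'server {' '  location /.well-known {' \
    '    alias /home/path-to-root/.well-known/;' '  }' '}' > "$demo/nginx.conf"
check_webroot "$demo/renewal.conf" "$demo/nginx.conf" example.com
```

To use it on a real host, call `check_webroot` with the domain's renewal file and the nginx configuration file in place of the constructed samples.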

Renew your certificates automatically before they expire. Let’s Encrypt certificates last for only 90 days, so add the following to cron with the crontab -e command:

        0 4 * * * certbot -q renew --renew-hook "service nginx reload"