Let's Encrypt with Rails and Nginx

Categories: deployment


At the time of this writing, ppa:certbot/certbot is using an outdated version of Certbot. For this article, we will manually install Certbot Auto from https://dl.eff.org/certbot-auto.

wget https://dl.eff.org/certbot-auto
sudo mv certbot-auto /usr/local/bin/certbot-auto
sudo chown root /usr/local/bin/certbot-auto
sudo chmod 0755 /usr/local/bin/certbot-auto


Allow HTTPS via UFW

sudo ufw allow 'Nginx Full'

Verify Nginx Full is set to ALLOW

sudo ufw status

Let’s Encrypt Certificate

Install Let’s Encrypt Certificate

# --cert-name - Used to give your certificate a name.
# -d - The domains you are including in your SSL cert
# --nginx - will instruct certbot to edit your Nginx config with the following:
# ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
# include /etc/letsencrypt/options-ssl-nginx.conf;
# ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

sudo /usr/local/bin/certbot-auto --cert-name example.com -d example.com -d www.example.com --nginx

You will need to make any corrections to your Nginx config in case Certbot broke the layout. After saving your changes, restart Nginx.

sudo systemctl restart nginx
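A check to run after hand-editing and before the restart, as an added example that is not part of the original article: it reports which of the four directives Certbot writes (listed above) are missing from a config file. The function names and the sample server block are constructed for illustration.

```shell
#!/bin/sh
# Added example: find Certbot-managed directives lost while fixing the layout.

# Constructed sample: ssl_dhparam was commented out during a manual edit.
sample_conf() {
cat <<'EOF'
server {
    listen 443 ssl;
    server_name example.com www.example.com;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key   /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    # ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
EOF
}

# missing_certbot_directives FILE CERT_NAME
# Prints each missing directive on its own line; returns 0 only if none are missing.
missing_certbot_directives() {
    live="/etc/letsencrypt/live/$2"
    # Normalise once: drop comments, squeeze whitespace, trim both line ends.
    norm=$(sed -e 's/#.*//' -e 's/[[:space:]]\{1,\}/ /g' \
               -e 's/^ //' -e 's/ $//' "$1") || return 2
    rc=0
    for want in \
        "ssl_certificate $live/fullchain.pem;" \
        "ssl_certificate_key $live/privkey.pem;" \
        "include /etc/letsencrypt/options-ssl-nginx.conf;" \
        "ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;"
    do
        # -x matches whole lines, so ssl_certificate never matches ssl_certificate_key.
        if ! printf '%s\n' "$norm" | grep -xF -- "$want" >/dev/null; then
            printf '%s\n' "$want"
            rc=1
        fi
    done
    return $rc
}

# Demo on the constructed sample.
tmp=$(mktemp)
sample_conf > "$tmp"
missing_certbot_directives "$tmp" example.com || echo "restore the lines above before restarting"
rm -f "$tmp"
```

Point it at your real site file and cert name, then validate the whole configuration with sudo nginx -t before restarting.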


Add the following cron job to the default/system crontab (/etc/crontab). It runs certbot-auto renew twice a day, after a random delay of up to an hour.

echo "0 0,12 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && /usr/local/bin/certbot-auto renew -q" | sudo tee -a /etc/crontab > /dev/null