Free Trusted SSL Certificates using Let’s Encrypt

Trust is a hard thing to earn. Well, this proved right when I wanted to generate a free Trusted SSL certificate for a domain. Let’s Encrypt standing by the name literally made me encrypt the certs. Finally the domain is secure. And here are the steps to make your domain secure using Let’s Encrypt.

Note: AWS, GoDaddy, Nginx, Let’s Encrypt, Linux Ubuntu 16.04

GoDaddy configuration:


1. Obtain Domain
2. Create a A-Name and forward it to IP address where the Website/Application is hosted. Make sure the IP is elastic.

Note: It may take few minutes for the IP address mapping to propagate in web

Let’s Encrypt Certbot Installation:


sudo apt-get install git

sudo git clone /opt/letsencrypt

cd /opt/letsencrypt

Create Certbot certificate (Manual):


Note: There were a few version mismatch issues with automatic nginx/apache certbot certificate creation methods while creating this blog. If it works, then all these configurations are done automatically.

sudo certbot-auto certonly --email -a manual -d

Now, there is a challenge that needs to fullfilled ( kind of pre-SSL simulation ). You need to create a temporary file (temporary file name) with a temporary content and make it available in the domain URL where the site hosting is to be done.


Nginx configuration for acme-challenge:


server {
  listen 80;
  root /var/www/html;
  location ^~ /.well-known/ {
    default_type "text/plain";
    auth_basic off;
    root /var/www/html; 
    allow all;

This will create 4 new files in /etc/letsencrypt/live/ directory. These certificates are valid only for 90 days and needs to be renewed periodically.

cert.pem - Certificate file (
chain.pem - CA chain file
fullchain.pem - File containing CA Chain and the certificate for the domain
privkey.pem - Certificate's Private key

Renewing Let’s Encrypt Certificates:


cd /opt/letsencrypt

sudo certbot-auto certonly --renew-by-default --email -a manual -d

Complete Nginx SSL configuration:


server {
  listen 443 ssl;
  sendfile on; 
  charset utf-8;
  client_max_body_size 750M;
  uwsgi_read_timeout 8000s;
  uwsgi_send_timeout 8000s;
  client_header_timeout 8000s;
  proxy_read_timeout 8000s;

  ssl_certificate /etc/letsencrypt/live/;
  ssl_certificate_key /etc/letsencrypt/live/;

   # Gzip Settings
  gzip on;
  gzip_http_version 1.1;
  gzip_disable "MSIE [1-6]\.";
  gzip_min_length 1100;
  gzip_vary on;
  gzip_proxied expired no-cache no-store private auth;
  gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript;
  gzip_comp_level 9;

  root /var/www/html;

  index index.html index.htm index.nginx-debian.html;

   # Main file index.html
  location / {
    autoindex on;
    root /var/www/html;
    try_files $uri $uri/ $uri.html $uri.txt /index.html =404;





3 .



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s