Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.



These Instructions are for an ubuntu installation with nginx as the server. This method enables a user to get (free) certificates from an opensource provider and requires the website name to be publicly accessible. These instructions may not be applicable in other environments. Follow all applicable certificate policies when installing.

Instructions for creating and renewing a certificate are here.

Before obtaining the certificates ensure that there are two DNS A record for the website name (i.e. demonodepublicdns). 


The instructions to do these steps are outlined at the following link:

Certificate creation on CentOS:

BAO has created custom scripts to aid in the creation of certificates on CentOS and Amazon Linux hosts. That script is called certbot-new and is available on hosts with the BAO yum repository installed. In order to create a new certificate, use the following steps:

  • If you need a cert for $( hostname ):
    • Use the wrapper script: certbot-new --domain=$( hostname )
    • Add the Nginx config from certbot-new to /etc/nginx/conf.d/ssl-files.conf
  • Create another certificate if $( hostname ) begins with www. or is a naked domain:
    • Use the wrapper script: cerbot-new
    • Add the Nginx config to the non-default server{} in Nginx, NOT the conf.d/ssl-files.conf file (that is intended for the default hostname/domain)

Certificate Renewal:

If the server was installed by BAO, or using BAO's tools, the cron job will automatically be installed in /etc/cron.daily/certbot-renew.

Essentially, the certbot-renew script runs the following:

certbot \
  renew \
  --quiet \
  --non-interactive \
  --agree-tos \
  --preferred-challenges 'http-01' \
  --pre-hook '/bin/mkdir -pv /var/lib/letsencrypt/html/' \
  --renew-hook "$RENEW_HOOK"