Reputation: 111
I am adding HTTPS support to our servers. How can I not stop Nginx when adding Let's Encrypt support?
Upvotes: 11
Views: 7037
Reputation: 4947
Contrary to all the answers, you can run certbot in nginx mode.
Just read the docs for it.
All you have to do is install an additional nginx plugin and follow the certbot docs.
That plugin would even hot reload the cached certificates in nginx RAM as soon as they get updated.
https://certbot.eff.org/instructions
or go to the nginx docs instead: https://www.nginx.com/blog/using-free-ssltls-certificates-from-lets-encrypt-with-nginx/
Upvotes: 3
Reputation: 1677
You can use Docker for that. Link on hub.docker
For example, create certbot.sh. To do that, run in the CLI:
touch certbot.sh && chmod +x ./certbot.sh
Write this in the file:
#!/usr/bin/env bash
# /var/www is mounted too, so --webroot challenge files land in the host directories nginx serves
docker run --rm -v /etc/letsencrypt:/etc/letsencrypt -v /var/lib/letsencrypt:/var/lib/letsencrypt -v /var/www:/var/www certbot/certbot "$@"
and run like this:
./certbot.sh --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is
OR
./certbot.sh renew
And you can add a call to this script in crontab for renewal:
0 0 1 * * /<PATH_TO_FILE>/certbot.sh renew
Upvotes: 2
Reputation: 1350
Add this block to your server configuration (depending on your server configuration you can use a path other than /var/www/html):
# Serve the ACME HTTP-01 challenge files that certbot writes under the webroot
location ~ /.well-known {
    root /var/www/html;
    allow all;
}
Reload nginx, run certbot as follows:
certbot certonly -a webroot --webroot-path=/var/www/html -d yourdomain.example
Apply the generated certificate to your server configuration:
ssl_certificate /etc/letsencrypt/live/yourdomain.example/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/yourdomain.example/privkey.pem;
Make sure the server setup is configured to run on port 443 with SSL:
listen 443 ssl;
Reload nginx again. Between reloads, you can make sure the configuration doesn't have syntax errors by running nginx -t.
Upvotes: 8
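The "nginx -t, then reload" step from the answer above can be automated for renewals with a certbot deploy hook. This is an added example, not code from the thread; NGINX_BIN and the function names are assumptions of the example, and <PATH_TO_HOOK> is a placeholder.

```shell
#!/bin/sh
# Added example, not from the thread: certbot deploy hook that reloads nginx
# without stopping it. Run it via: certbot renew --deploy-hook <PATH_TO_HOOK>
# NGINX_BIN is this example's own override point (an assumption).
NGINX_BIN="${NGINX_BIN:-nginx}"

# certbot exports RENEWED_LINEAGE (for example
# /etc/letsencrypt/live/yourdomain.example) to deploy hooks. Confirm that the
# two files nginx references exist and are non-empty.
lineage_ok() {
    [ -n "$1" ] && [ -s "$1/fullchain.pem" ] && [ -s "$1/privkey.pem" ]
}

# Test the on-disk configuration first. A failed test leaves the running
# nginx untouched. Returns 0 = reloaded, 1 = config test failed,
# 2 = reload signal failed.
safe_reload() {
    if ! "$NGINX_BIN" -t >/dev/null 2>&1; then
        echo "nginx -t failed; keeping the running configuration" >&2
        return 1
    fi
    "$NGINX_BIN" -s reload || return 2
}

# Returns 3 when the renewed certificate files are missing or empty.
deploy_hook() {
    if ! lineage_ok "${RENEWED_LINEAGE:-}"; then
        echo "certificate files missing in '${RENEWED_LINEAGE:-}'" >&2
        return 3
    fi
    safe_reload
}

# Only act when certbot invoked us (it sets RENEWED_LINEAGE for deploy hooks).
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    deploy_hook
fi
```

Because the hook exits non-zero on a failed config test, certbot reports the hook failure while the running nginx keeps serving with its previous configuration.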