Update your sources.list apt, in my case. I using debian 8 with nginx and yii2 is my php framework.
add this source code like this following below if you are using Jessie :
Using your console, update your repository like below :
add this line in your sources.list file
deb http://ftp.us.debian.org/debian jessie-backports main
please see the image below, i make clearly it for you.
Letsencrypt provides generating SSL with .pem key using certbot, this tool so easy to make your server more secure. the full documentation at https://certbot.eff.org/#debianjessie-nginx, many linux distros have been provided.
To install certbot you need page with can be access for certbot and this mean you have provide path for that. For the example i using yii2 and commonly in yii2 have 2 common type basic and advance mode.
For basic /web
For advanced /frontend/web
You can see my example certbot code with webroot like this following code, dont wory i will explain then :
certbot certonly --webroot -w /var/www/html/sintret.com/www/frontend/web -d www.sintret.com -d sintret.com
you can see my webroot with absolute url and then i added -d option for server name. and this is the result,
Congratulations! you have done with your secure web, copy the path .pem key, this will add in nginx server block. Please remember my friends, this certificate will expired in 3 months but don't worry in this tutorial we will create cron job to renew our certificates.
ok, go to your nginx configuration then we need to redirect http to https like this following example code below.
# Default server configuration
listen 80; ## listen for ipv4; this line is default and implied
server_name sintret.com www.sintret.com;
return 301 https://sintret.com$request_uri;
and in other server block like this following
listen 80 default_server;
listen [::]:80 default_server;
# SSL configuration
listen 443 ssl default_server;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
Restart your nginx
service nginx restart
now you can try access your web and you will see https there.
now we need to renew our certificates using command like this :
certbot renew --dry-run
for automatic renewal by adding a cron
certbot renew --quiet
Create cron job, i will create letsencrypt filename
certbot renew --quiet
after you create a file then you can move the file to /etc/cron.daily directory, with this command console :
mv letsencrypt /etc/cron.daily
in this case i want to renew my certificates daily.
chown root /etc/cron.daily/letsencrypt
chmod 744 /etc/cron.daily/letsencrypt
done and cheers