Update your sources.list apt, in my case. I using debian 8 with nginx and yii2 is my php framework.

add this source code like this following below if you are using Jessie :

Using your console, update your repository like below : 

nano /etc/apt/sources.list

add this line in your sources.list file
#debian backport
deb http://ftp.us.debian.org/debian jessie-backports main

please see the image below, i make clearly it for you.


apt-get update


Letsencrypt provides generating SSL with .pem key using certbot, this tool so easy to make your server more secure. the full documentation at https://certbot.eff.org/#debianjessie-nginx, many linux distros have been provided.

To install certbot you need page with can be access for certbot and this mean you have provide path for that. For the example i using yii2 and commonly in yii2  have 2 common type basic and advance mode.

For basic /web 

For advanced /frontend/web

You can see my example certbot code with webroot like this following code, dont wory i will explain then :

certbot certonly --webroot -w /var/www/html/sintret.com/www/frontend/web -d www.sintret.com -d sintret.com


 you can see my webroot with absolute url and then i added -d option for server name. and this is the result,




Congratulations! you have done with your secure web, copy the path .pem key, this will add in nginx server block. Please remember my friends, this certificate will expired in 3 months but don't worry in this tutorial we will create cron job to renew our certificates.

ok, go to your nginx configuration then we need to redirect http to https like this following example code below.


# Default server configuration
server {
listen 80; ## listen for ipv4; this line is default and implied
server_name sintret.com www.sintret.com;
return 301 https://sintret.com$request_uri;

and in other server block like this following

server {
listen 80 default_server;
listen [::]:80 default_server;
# SSL configuration
listen 443 ssl default_server;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_certificate /etc/letsencrypt/live/www.sintret.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.sintret.com/privkey.pem;


 Restart your nginx 

service nginx restart


 now you can try access your web and you will see https there.

now we need to renew our certificates using command like this :

certbot renew --dry-run


for automatic renewal by adding a cron

certbot renew --quiet


Create cron job, i will create letsencrypt filename


touch letsencrypt
nano letsencrypt



certbot renew --quiet


 after you create a file then you can move the file to /etc/cron.daily directory, with this command console :

mv letsencrypt /etc/cron.daily


in this case i want to renew my certificates daily.


last steps 


chown root /etc/cron.daily/letsencrypt
chmod 744 /etc/cron.daily/letsencrypt


done and cheers


Leave a Comment: