Certbot (https://github.com/certbot/certbot) is the client previously known as the “Let’s Encrypt Client.” I’m using it on my OS X machine to provide a free SSL cert for an NGINX SSL termination instance.
As of last week (June 6, 2016), there was still a bug in the header generation for OS X that would prevent the client from working, the fix was to not allow the client to update itself.
Once you walk through the usual letsencrypt setup choosing certonly
, you may need to use the standalone
auth mechanism if you’re running NGINX on a port other than the default (443).
Your certs will be output to /etc/letsencrypt/live/www.yourhostname.com/
so set up links for nginx.conf
$ cd /usr/local/etc/nginx
$ sudo ln -s /etc/letsencrypt/live/www.yourhostname.com/privkey.pem ssl-nopw.key
$ sudo ln -s /etc/letsencrypt/live/www.yourhostname.com/fullchain.pem ssl-unified.crt
resulting in
rwxr-xr-x 1 root admin 47 8 Jan 20:52 ssl-nopw.key -> /etc/letsencrypt/live/www.yourhostname.com/privkey.pem
lrwxr-xr-x 1 root admin 49 8 Jan 20:52 ssl-unified.crt -> /etc/letsencrypt/live/www.yourhostname.com/fullchain.pem
and the corresponding nginx.conf
entry:
server {
listen 443 ssl;
server_name www;
ssl_certificate ssl-unified.crt;
ssl_certificate_key ssl-nopw.key;
[...]
}