Since the release of v3.4.0, EasyEngine comes with built-in support for Let’s Encrypt.
Let’s assume the domain already points to the server’s IP address. If not, please point the domain to the server before proceeding. Also confirm that both the www and non-www names point to the server.
Let’s create a WordPress site with SSL enabled.
ee site create example.com --wp --letsencrypt
That’s it.
This will create a default WordPress site with an SSL configuration provided by Let’s Encrypt.
What if you already have a site?
If the site was created with EasyEngine, let’s secure it with HTTPS now.
Just run
ee site update example.com --letsencrypt
Type ‘y’ when prompted to continue.
Letsencrypt is currently in beta phase.
Do you wish to enable SSl now for in?
Type "y" to continue [n]:y
Downloading LetsEncrypt [Done]
Let's Encrypt successfully setup for your site
Your certificate and chain have been saved at /etc/letsencrypt/live/example.com/fullchain.pem
Configuring Nginx SSL configuration
Adding /var/www/example.com/conf/nginx/ssl.conf
Adding /etc/nginx/conf.d/force-ssl-example.com.conf
Added HTTPS Force Redirection for Site http://example.com
Creating Cron Job for cert auto-renewal
Reload : nginx [OK]
Congratulations! Successfully Configured SSl for Site https://example.com
Your cert will expire within 89 days.
Don’t want the extra security? You can disable HTTPS with
ee site update example.com --letsencrypt=off
Please note that disabling HTTPS does not revoke your SSL certificate from Let’s Encrypt.
Currently, SSL certificates provided by Let’s Encrypt come with a maximum lifetime of 90 days. After 90 days the certificate has to be renewed.
Renewing manually every 90 days is burdensome, so EasyEngine provides an automated way to renew Let’s Encrypt certificates 30 days before certificate expiry, using Linux cron.
~# crontab -l
For every site with HTTPS enabled, a similar cron job is set for the root user.
0 12 * * * ee site update --le=renew --all 2> /dev/null # Renew letsencrypt SSL cert. Set by EasyEngine
Don’t want to set a cron job? You can comment out the cron entry above and run the manual update command every 90 days:
ee site update example.com --letsencrypt=renew
Linux commands sometimes fail, so we provide a mail notification for every renewal, whether successful or unsuccessful. The email is sent to the address provided in the .gitconfig file.
Sample mail for unsuccessful attempt of certificate renewal:
Hey Hi,
SSL Certificate renewal for https://example.com was unsuccessful.
Please check easyengine log for reason.
Your SSL Expiry date : Sun Mar 30 16:53:00 IST 2016
For support visit https://easyengine.io/support/ .
Your's faithfully,
EasyEngine
Sample mail for successful attempt of certificate renewal:
Hey Hi,
Your SSL Certificate has been renewed for https://example.com .
Your SSL will Expire on : Sun Mar 20 16:53:00 IST 2016
Your's faithfully,
EasyEngine
You can also check a site’s SSL status and expiry date with
~# ee site info example.com
Information about example.com:
Nginx configuration wp wpredis (enabled)
. . .
SSL enabled
SSL PROVIDER Lets Encrypt
SSL EXPIRY DATE Wed Mar 30 11:25:00 IST 2016
. . .
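An independent check on the renewal described above, as an added example (not EasyEngine's own code): because the cron entry discards stderr and the notice depends on a mail address being set, this parses the SSL EXPIRY DATE line of `ee site info` output and classifies it against the 30-day renewal window. The line layout of the sample output, the state names and the one-day cron grace are assumptions.

```python
import re
from datetime import datetime, timedelta

RENEW_WINDOW = timedelta(days=30)  # page: auto-renewal starts 30 days before expiry
CRON_GRACE = timedelta(days=1)     # assumption: the daily 12:00 cron gets one run

# Constructed sample, laid out like the `ee site info` output on this page.
SAMPLE_INFO = """\
Information about example.com:
Nginx configuration wp wpredis (enabled)
SSL enabled
SSL PROVIDER Lets Encrypt
SSL EXPIRY DATE Wed Mar 30 11:25:00 IST 2016
"""

EXPIRY_RE = re.compile(
    r"^\s*SSL EXPIRY DATE\s+(\w{3} \w{3} +\d{1,2} \d\d:\d\d:\d\d) \S+ (\d{4})\s*$",
    re.MULTILINE,
)

def parse_expiry(info_text):
    """Return the expiry as a naive datetime in server-local time, or None."""
    m = EXPIRY_RE.search(info_text)
    if m is None:
        return None
    # The zone label (e.g. IST) is dropped; compare against server-local 'now'.
    return datetime.strptime(f"{m.group(1)} {m.group(2)}", "%a %b %d %H:%M:%S %Y")

def renewal_state(info_text, now):
    """Classify a site as no-ssl, ok, renewal-due, renewal-overdue or expired."""
    expiry = parse_expiry(info_text)
    if expiry is None:
        return "no-ssl", None
    left = expiry - now
    if left <= timedelta(0):
        return "expired", left.days
    if left > RENEW_WINDOW:
        return "ok", left.days
    # Inside the window: the cron should replace the cert within one daily run.
    if left >= RENEW_WINDOW - CRON_GRACE:
        return "renewal-due", left.days
    return "renewal-overdue", left.days

if __name__ == "__main__":
    print(renewal_state(SAMPLE_INFO, datetime.now()))
```

A "renewal-overdue" result means the certificate is inside the renewal window yet still carries its old expiry date, which is the case to investigate in the EasyEngine log before the certificate lapses.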
Alias command:
--le=on/off/renew
If you are facing a locale issue with Let’s Encrypt, you can run these commands as the root user.
locale-gen en_US en_US.UTF-8
dpkg-reconfigure locales
Then add the following to your /etc/profile:
export LC_ALL="en_US.UTF-8"
export LC_CTYPE="en_US.UTF-8"
To load the above settings into the current shell environment, run source /etc/profile
Important Notes:
- Let’s Encrypt will not work with Cloudflare enabled.
- Please point both www.example.com and example.com to the server before requesting an SSL certificate.