To install the initial certificate:
dnf install python3
python3 -m venv /opt/certbot
source /opt/certbot/bin/activate
pip install --upgrade pip
pip install certbot certbot-nginx
certbot certonly --standalone
:: follow prompts
:: once certs are on disk, start nginx
systemctl start nginx.service
To renew:
/opt/certbot/bin/certbot renew --nginx
To perform a dry run of renew:
/opt/certbot/bin/certbot renew --nginx --dry-run --no-random-sleep-on-renew
Notes:
On a fresh box, I use certbot’s --standalone
option
instead of the --nginx
option to get the initial
certificate. Nginx can’t start on a fresh box because the files at
/etc/letsencrypt/live/<my-domain>/
are not yet on
disk (they are created by certbot).
I use the --nginx
option for renewals, as nginx will
already be configured correctly and up and running.
I don’t use yum for this install because the epel repo is not supported by Amazon Linux 2023.
yum install certbot
certbot-auto
epel
Reference: https://certbot.eff.org/instructions?ws=nginx&os=pip