Let's Encrypt

Using Let's Encrypt

Let's Encrypt is a certificate authority that provides free SSL/TLS certificates. It has two downsides: it does not publish the IP addresses it uses when issuing certificates, so you can't limit firewall access to just those addresses, and it does not support IP certificates.

Install Certbot

Downloading Certbot

To begin, we will install certbot, a simple script that automatically renews our certificates and makes creating them much easier. The command below is for Ubuntu distributions, but you can always check Certbot's official site for installation instructions. The command also installs certbot's Nginx plugin so you won't have to stop your webserver.

apt update
apt install -y certbot python3-certbot-nginx

Completing the HTTP Challenge

  1. Make sure port 80 is open on your firewall.
  2. Request a certificate from Let's Encrypt, replacing example.com with the domain you would like to generate a certificate for:
certbot certonly --nginx -d example.com

Automatically Renewing SSL/TLS certificates

  1. Install cron:
apt install cron
  2. Create a crontab rule for the automatic renewal:
(crontab -l ; echo "0 23 * * * certbot renew --quiet --deploy-hook \"systemctl restart nginx\"")| crontab -
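
A check to run alongside the renewal cron job, as an added example that is not part of the original page: it reads a certificate's expiry date and flags it when fewer days remain than a working nightly `certbot renew` should allow. The script name, the 25-day threshold, the assumption that certbot renews about 30 days before expiry, and the certificate path (Certbot's default layout, with example.com as the domain) are assumptions; it needs GNU date and openssl.

```shell
#!/bin/sh
# Added example (not from the original page). Flags a certificate that is
# closer to expiry than a working nightly "certbot renew" should allow.
# Assumptions: GNU date, openssl on PATH, certbot renewing ~30 days before
# expiry, and a 25-day default alert threshold chosen for illustration.

# renewal_status NOT_AFTER NOW_EPOCH MIN_DAYS
# NOT_AFTER is openssl's date format, e.g. "Jun  1 00:00:00 2025 GMT".
# Prints OK, RENEWAL_OVERDUE, EXPIRED or UNPARSEABLE (plus whole days left).
renewal_status() {
    [ -n "$1" ] || { echo "UNPARSEABLE"; return 0; }
    end_epoch=$(date -u -d "$1" +%s 2>/dev/null) || { echo "UNPARSEABLE"; return 0; }
    left=$(( end_epoch - $2 ))
    if [ "$left" -le 0 ]; then
        echo "EXPIRED"
    elif [ "$left" -lt $(( $3 * 86400 )) ]; then
        echo "RENEWAL_OVERDUE $(( left / 86400 ))d"
    else
        echo "OK $(( left / 86400 ))d"
    fi
}

# check_cert CERT_PEM [MIN_DAYS]
# Exit status: 0 = OK, 1 = needs attention, 3 = certificate unreadable.
check_cert() {
    min_days=${2:-25}
    not_after=$(openssl x509 -noout -enddate -in "$1") || return 3
    status=$(renewal_status "${not_after#notAfter=}" "$(date +%s)" "$min_days")
    echo "$1: $status"
    case $status in
        OK*) return 0 ;;
        *)   return 1 ;;
    esac
}

# Run only when a certificate path is given, for example:
#   sh check-renewal.sh /etc/letsencrypt/live/example.com/fullchain.pem
[ "$#" -eq 0 ] || check_cert "$@"
```

The non-zero exit status on anything other than OK lets a monitoring job or a second cron entry alert on it.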