Free SSL Certificate: Deploy Let’sEncrypt SSL on your website (with shell access)

A big thanks to Let'sEncrypt/CertBot before starting this article for providing us an open-source SSL certificate that is so easy to deploy. Having https:// before your domain name in the URL helps in building visitor's trust towards your domain and why you shouldn't do it if you're getting everything for free. To pursue these lines of commands I presumed you have a working site over HTTP and have shell access to run the commands. So, let's dive straight into the process:

Note: I am experimenting this on a Laravel website hosted on Amazon Linux AMI - nginx server, But the procedure will be the same for all.

  • We've to create a hidden directory in your root directory with name .well-known. Don't forget to add period (.) in directory name to make it hidden.
$ mkdir /var/www/
  • Give proper permission to the user/group for the newly created directory
chmod 755 .well-known
  • Probably you've done this step earlier but you can check it again. Check your server configuration file (by running this command in your terminal/putty : nginx -t) to point to the root instead of the public folder. I got my file in /etc/nginx/nginx.conf Comment a line similar to this by placing "#" before the line. The statement will look like this after commenting.
#root /var/ww/;
  • Add a new line below it to point the root
root /var/www/;
  • Add the below lines of code in the configuration file in http{ } segment
	location ~ /.well-known { allow all; }
  • If everything goes fine then you should be able to restart your nginx server
sudo service nginx restart
  • Create the dhparam.pem file
openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
  • Start installing let'sencrypt
sudo apt-get update
sudo apt-get install git
  • If apt-get is not working then you can use "yum" for centOS or Amazon Linux AMI which is closest to centOS
sudo yum update
sudo yum install git
  • Now clone the let'sEncrypt repo from git
git clone /opt/letsencrypt
  • And run this command to install the certificate
/opt/letsencrypt/letsencrypt-auto --debug
  • Then it will ask you to select your server.
  • After selecting the server it will ask you to select the domain variant you want to apply let'sEncrypt on. e.g. and
  • After selecting the domain it will ask whether you want http requests to https or not.

Here you'll get the message you want.

Congratulations! Your certificate and chain have been saved at: /etc/letsecrypt/live/
Your key file has been saved at: /etc/letsencrypt/live/
Your cert will expire on 2019-06-21. To obtain a new or tweaked version of this certificate in the future, simply run letsencrypt-auto again with the certonly renew *all* of your certificates, run letsencrypt-auto renew

Drop your queries in the comments below. I'll be more than happy to help you all.

Posted In:
Do share till i am pulling them away.😂