Setup Let’s Encrypt SSL certificate auto-renewal on Alibaba Cloud

This article will show how to setup the Let’s Encrypt SSL certificate auto-renewal on Alibaba Cloud

Setup Let’s Encrypt SSL certificate auto-renewal on Alibaba Cloud

By Dang Minh Tam, Alibaba Cloud Solutions Architect of Vietnam

Let's Encrypt is a free, automated, and open certificate authority brought to you by the nonprofit Internet Security Research Group (ISRG). Let's Encrypt also provides a normal SSL certificate and a wildcard SSL certificate. However, each SSL certificate just has 3 months of availability. This article guides you to set up the Let’s Encrypt certbot on Alibaba Cloud ECS to renew your SSL certificate every 3 months automatically.

Requirements:

Alibaba Cloud ECS
Alibaba Cloud DNS domain

Process:
You need an Alibaba Cloud ECS server to install the Let’s Encrypt certbot to renew your SSL certificate. You can read here to know how to create an Alibaba Cloud ECS with Ubuntu 22.04 OS.

You need to own a DNS domain. Let’s Encrypt will add some records to your DNS domain to verify the ownership. You can read here (Checking, Setting, and Changing DNS Records) to know how to purchase and manage a DNS domain on Alibaba Cloud.

You open remote access to your ECS via Workbench in the Alibaba Cloud console.

Screen_Shot_2023_06_13_at_13_06_27

Screen_Shot_2023_06_13_at_13_06_59

Screen_Shot_2023_06_13_at_13_12_17

You install the Let’s Encrypt certbot into your ECS

# sudo -i
# snap install core
# snap refresh core
# snap install --classic certbot

Screen_Shot_2023_06_13_at_13_13_28

# ln -s /snap/bin/certbot /usr/bin/certbot
# snap set certbot trust-plugin-with-root=ok
# snap install certbot-dns-aliyun

Screen_Shot_2023_06_13_at_13_14_20

# snap set certbot trust-plugin-with-root=ok
# snap connect certbot:plugin certbot-dns-aliyun
# /snap/bin/certbot plugins

Screen_Shot_2023_06_13_at_13_15_17

# mkdir /opt/certbot_dns/
# vi /opt/certbot_dns/credentials.ini

Screen_Shot_2023_06_13_at_13_16_02

Screen_Shot_2023_06_13_at_13_16_34

# chmod 600 /opt/certbot_dns/credentials.ini
# certbot certonly --authenticator=dns-aliyun --dns-aliyun-credentials='/opt/certbot_dns/credentials.ini' -d alibabacloudvn.top -d "*.alibabacloudvn.top"

Screen_Shot_2023_06_13_at_13_17_22

You will have 4 SSL certificates are saved at: /etc/letsencrypt/live/alibabacloudvn.top/

fullchain.pem
chain.pem
cert.pem
privkey.pem

These certificates will be expired in next 3 months. You use this command below to setup auto renewal

# certbot renew --dry-run

The command to renew certbot is installed in one of the following locations:

/etc/crontab/
/etc/cron./
systemctl list-timers

You complete the certbot system to auto-renewal your SSL certificates every 3 months. You can upload your SSL certificates to use in another system too.