using let's encrypt at digital ocean as of sep 26, 2016, i'm still using ubuntu 12.04. hr. followed instructions at: https://www.reinisfischer.com/linode-how-secure-nginx-lets-encrypt-ubuntu-1204 sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt sudo service nginx stop cd /opt/letsencrypt sudo ./letsencrypt-auto certonly --standalone (numerous ubuntu packages may be updated) (then a text-based app will start. answer prompts, such as adding domain names.) q. Note that if you want a single cert to work with multiple domain names (e.g. example.com and www.example.com (link is external)), be sure to include all of them. q.. (if successful, the terminal app exits. the following info was displayed to me.) Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/soupmode.com/fullchain.pem. Your cert will expire on 2016-12-25. To obtain a new or tweaked version of this certificate in the future, simply run letsencrypt-auto again. To non-interactively renew *all* of your certificates, run "letsencrypt-auto renew" - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le q. The files themselves are placed in a subdirectory in/etc/letsencrypt/archive. However, Let's Encrypt creates symbolic links to the most recent certificate files in the /etc/letsencrypt/live/your_domain_name directory. Because the links will always point to the most recent certificate files, this is the path that you should use to refer to your certificate files. q.. q. ssl_certificate /etc/letsencrypt/live/www.reinisfischer.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/www.reinisfischer.com/privkey.pem; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; q.. h3. etc https://letsencrypt.org/getting-started/ https://certbot.eff.org/#ubuntuother-nginx https://www.reinisfischer.com/linode-how-secure-nginx-lets-encrypt-ubuntu-1204 https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-14-04 h3. Renewal Renewed on Sat, Dec 24, 2016: hr. soupmode:/opt/letsencrypt# service nginx stop Stopping nginx: nginx. soupmode:/opt/letsencrypt# ./letsencrypt-auto renew Saving debug log to /var/log/letsencrypt/letsencrypt.log ------------------------------------------------------------------------------- Processing /etc/letsencrypt/renewal/soupmode.com.conf ------------------------------------------------------------------------------- Cert is due for renewal, auto-renewing... Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org Renewing an existing certificate Performing the following challenges: tls-sni-01 challenge for soupmode.com tls-sni-01 challenge for www.soupmode.com Waiting for verification... Cleaning up challenges Generating key (2048 bits): /etc/letsencrypt/keys/0001_key-certbot.pem Creating CSR: /etc/letsencrypt/csr/0001_csr-certbot.pem ------------------------------------------------------------------------------- new certificate deployed without reload, fullchain is /etc/letsencrypt/live/soupmode.com/fullchain.pem ------------------------------------------------------------------------------- Congratulations, all renewals succeeded. The following certs have been renewed: /etc/letsencrypt/live/soupmode.com/fullchain.pem (success) soupmode:/opt/letsencrypt# service nginx start hr. From viewing the cert info via chrome browser: Issued On 12/24/16 Expires On 3/24/17 * i used the above instructions to renew manually on mar 24, 2017. cert info now states: Issued On 3/24/17 Expires On 6/22/17 within the final month or so of the current cert, i receive automated emails from let's encrypt, reminding me that the cert expires on a set date. I receive at least three reminders. hr. renewed june 24, 2017.