Page Comparison

The goal of this article is to provide you the steps needed to generate a trusted SSL certificate using Let's Encrypt.

...

At the end of the process, your certificate, private key, and LE chain will be installed to /etc/letsencrypt/archive/<YOUR_DOMAIN> directory.

Install the certificate

Copy the generated private key and certificate to the default directory (used by Asterisk and Nginx):

mv /etc/letsencrypt/archive/<YOUR_DOMAIN>/privkey1.pem /etc/pki/tls/private/motion.key
mv /etc/letsencrypt/archive/<YOUR_DOMAIN>/fullchain1.pem /etc/pki/tls/certs/motion.crt

Restart services

Restart Asterisk and Nginx services in order to apply changes:

systemctl restart asterisk
systemctl start nginx

Backup private key and certificate

Before running the SSL certificate generation, backup the existing private key and the certificate:

mv /etc/ssl/private/motion.key /etc/ssl/private/motion.key.bak
mv /etc/ssl/certs/motion.crt /etc/ssl/certs/motion.crt.bak

Install package dependencies

Connect to your server through SSH console and install the following packages:

apt -y install certbot

Obtaining a Certificate

Before obtaining the certificate, stop nginx service and be sure that no service is running on TCP port 443:

systemctl stop nginx 

Once you installed the certbot package, you can run the command in SSH console and follow the instructions:

certbot certonly --standalone -d <YOUR_DOMAIN> --email <YOUR_EMAIL_ADDRESS>

At the end of the process, your certificate, private key, and LE chain will be installed to /etc/letsencrypt/live/<YOUR_DOMAIN> directory.

Install the certificate

Copy the generated private key and certificate to the default directory (used by Asterisk and Nginx):

cp /etc/letsencrypt/live/<YOUR_DOMAIN>/privkey1.pem /etc/ssl/private/motion.key
cp /etc/letsencrypt/live/<YOUR_DOMAIN>/fullchain1.pem /etc/ssl/certs/motion.crt

Restart services

Restart Asterisk and Nginx services in order to apply changes:

...