Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 5 Next »

The goal of this article is to provide you the steps needed to generate a trusted SSL certificate using Let's Encrypt with Debian.

Backup private key and certificate

Before running the SSL certificate generation, backup the existing private key and the certificate:

mv /etc/ssl/private/motion.key /etc/ssl/private/motion.key.bak
mv /etc/ssl/certs/motion.crt /etc/ssl/certs/motion.crt.bak


Install package dependencies

Connect to your server through SSH console and install the following packages:

apt -y install certbot

Obtaining a Certificate

TCP port 80 must be open to your server in order to obtain the certificate

Before obtaining the certificate, stop nginx service and be sure that no service is running on TCP port 443:

systemctl stop nginx 

Once you installed the certbot package, you can run the command in SSH console and follow the instructions:

certbot certonly --standalone -d <YOUR_DOMAIN> --email <YOUR_EMAIL_ADDRESS>

At the end of the process, your certificate, private key, and LE chain will be installed to /etc/letsencrypt/live/<YOUR_DOMAIN> directory.

Install the certificate

Copy the generated private key and certificate to the default directory (used by Asterisk and Nginx):

cp /etc/letsencrypt/live/<YOUR_DOMAIN>/privkey1.pem /etc/ssl/private/motion.key
cp /etc/letsencrypt/live/<YOUR_DOMAIN>/fullchain1.pem /etc/ssl/certs/motion.crt

Restart services

Restart Asterisk and Nginx services in order to apply changes:

systemctl restart asterisk
systemctl start nginx


  • No labels