In April 2016, the non-profit certificate authority Let’s Encrypt launched, providing free SSL certificates for websites.
certbot renew
certbot certificates
challenges: http-01
certbot –nginx
/etc/letsencrypt/live/<domain name>
- privkey.pem, which is the private key for your certificate
- fullchain.pem, which is the certificate file
- chain.pem, which is used or OCSP stapling in Nginx >= 1.3.7
- cert.pem, which break many server configurations and shouldn’t be used