Instalar certificados de Let's Encrypt - Free SSL/TLS Certificates en Debian / Ubuntu

Activamos ssl para apache:

a2enmod ssl

Añadimos a nuestro site la configuración correcta:

...
<VirtualHost *:443>
        ServerAdmin keopx@keopx.net
        ServerName www.keopx.net
        DocumentRoot /var/www/keopx.net/docroot
        <Directory /var/www/keopx.net/docroot/>
                # Options FollowSymLinks
                Options SymLinksIfOwnerMatch
                AllowOverride All
                Require all granted
        </Directory>
        ErrorLog /var/log/apache2/error.log
        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn
        CustomLog /var/log/apache2/access.log combined
        ServerSignature On
        SSLCertificateFile /etc/letsencrypt/live/www.keopx.net/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/www.keopx.net/privkey.pem
        Include /etc/letsencrypt/options-ssl-apache.conf

</VirtualHost>

<VirtualHost *:80>
    ServerName keopx.net
    Redirect 301 / http://www.keopx.net/
</VirtualHost>
....

Procedemos a instalar letsencrypt:

cd /opt
git clone https://github.com/certbot/certbot.git letsencrypt

Configuramos letsencrypt:

nano /etc/letsencrypt/keopx.ini

authenticator = webroot
webroot-path = /var/www/keopx.net/docroot
renew-by-default
agree-dev-preview
agree-tos
email = keopx@keopx.net

Procedemos a crear el certificado (duran 3 meses):

/opt/letsencrypt/certbot-auto --config /etc/letsencrypt/keopx.ini --user-agent letsencrypt-ubuntu-webroo -d www.keopx.net certonly

Ahora es necesario reiniciar apache:

service apache2 reload

Automatizar renovaciones automáticas:

crontab -e

6       0       1       *       *       /opt/letsencrypt/certbot-auto --config /etc/letsencrypt/phpmyadmin.isarea.ini --user-agent letsencrypt-ubuntu-webroot -d phpmyadmin.isarea.com certonly && service apache2 reload