SHARE

I recently noticed that let’s Encrypt has new tool to renew ssl certs. 

if you can see:
https://github.com/letsencrypt/letsencrypt

redirect to:

https://github.com/certbot/certbot

so we have to migrate from old tool to new tool to renovate ssl certs. here it goes:

first deactivate nginx and varnish if you have activated

service nginx stop

(optional)
service varnish stop

make a backup of your nginx files inside on the next dir:

/etc/nginx/sites-available
/etc/nginx/sites-enabled

then delete files inside them

remove letsencrypt folders

rm -rf /opt/letsencrypt

rm -rf /etc/letsencrypt

now installing cerbot
sudo add-apt-repository ppa:certbot/certbot

then update
sudo apt update

finally install nginx package for cerbot
sudo apt install python-certbot-nginx

you will have to generate:
sudo certbot --nginx -d example.com -d www.example.com

regenerate nginx files
#copy to site enabled
sudo ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/example.com

then restart nginx
service nginx restart

then create bash file to renew ssl automatically:

#!/bin/bash

echo "starting to renew..."

#stop nginx and varnish

echo "stop nginx and varnish..."

service nginx stop

service varnish stop

#renew ssl

echo "letsencrypt auto renew goes..."

sudo certbot renew --dry-run

#restart nginx and varnish

echo "restart nginx and varnish..."

service nginx restart

service varnish restart

and add file to cron:
crontab -e

then add the next line
0 0 1 * * /yourdir/file.sh

it will execute the file every month

I hope it will be helpfull for someone else

ref:https://www.digitalocean.com/community/tutorials/como-asegurar-nginx-con-let-s-encrypt-en-ubuntu-18-04-es