Renewing Free LetsEncrypt SSL Certificates

A few days ago, I received an email from LetsEncrypt letting me know that it was time to renew my free SSL certificates.

I tried re-running the tool in order to renew the certificates, which seemed to work, but then I received this email (Sat, Feb 20, 2016 at 10:15 PM);


[ Note: This message is from the Let’s Encrypt staging environment. It likely is not relevant to any live web site. ]

You issued a testing cert (not a live one) from Let’s Encrypt staging environment. This mail takes the place of what would normally be a renewal reminder, but instead is demonstrating delivery of renewal notices. Have a nice day!

DNS Names:
Expiration Date: 02 Mar 16 03:36 +0000)
Days to Expiration: 9

For any questions or support, please visit Unfortunately, we can’t provide support by email.
If you are receiving this email in error, unsubscribe at [REMOVED]. (HTTP link, we know. We’re working on it!)

The Let’s Encrypt Team

It seems my attempt to use the same tool to renew was not the correct way to go about it. I went looking for tutorials online and eventually found the command letsencrypt-auto renew. It seems too easy! It took just a few seconds to renew all the certs that were going to expire.

Official Documentation suggests using the following script to automate this process;
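#!/bin/sh
# Try to renew; on failure print the log and exit non-zero so cron reports it.
if ! /path/to/letsencrypt-auto renew > /var/log/letsencrypt/renew.log 2>&1 ; then
    echo Automated renewal failed:
    cat /var/log/letsencrypt/renew.log
    exit 1
fi
# Reload Apache gracefully so it picks up the renewed certificates.
apachectl graceful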

I created this bash script and added it to the crontab with 0 0 * * 0 root bash /root/letsencrypt/

Now it should be checking automatically on a weekly basis!

Updated Comprehensive VPS Setup Documentation

Building a VPS requires lots of complex steps, and these steps change over time.

The time has come to create comprehensive, consolidated documentation for how I set up these machines. Many of these steps are optional.

  1. Deploy A New VPS With Digital Ocean
  2. FQDN DNS Setup With GoDaddy
  3. Recommended Initial Installations
  4. Setup Email Server
  5. Create a VirtualHost
  6. Setup Free SSL With LetsEncrypt
  7. Automate Database Backups
  8. Install Webmin

And then you are golden!

VPS Setup: Automated Database Backups

This is a subpost of the larger post Updated Comprehensive VPS Setup Documentation.


Create a new directory for the backups;

mkdir /var/backups/mysql


I added the following line to /etc/crontab in order to facilitate automatic database backups;
0 22 * * * root /usr/bin/mysqldump -uroot -p[MySQL Root Password] [MySQL Database Name] | gzip > /var/backups/mysql/mysql-backup-$( date +'\%Y-\%m-\%d_\%H-\%M-\%S' ).sql.gz
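
A hardened variant of the nightly dump, as an added example that is not from the original post: the password is read from a root-only option file instead of sitting in /etc/crontab, the dump is owner-readable only, and a failed dump is discarded rather than compressed. The names backup_db, MYSQLDUMP, CNF, KEEP_DAYS and the path /root/.my-backup.cnf are assumptions.

```shell
#!/bin/sh
# Added example, not the original post's code. Assumed names: backup_db,
# MYSQLDUMP, CNF, KEEP_DAYS, /root/.my-backup.cnf.
# Intended crontab entry (script path is hypothetical):
#   0 22 * * * root /root/backup-db.sh [MySQL Database Name] /var/backups/mysql

MYSQLDUMP="${MYSQLDUMP:-/usr/bin/mysqldump}"   # overridable for testing
CNF="${CNF:-/root/.my-backup.cnf}"             # [client] user=/password=, chmod 600
KEEP_DAYS="${KEEP_DAYS:-14}"                   # retention window in days

backup_db() {   # usage: backup_db <database> <backup-dir>; prints the dump path
    db="$1"; dir="$2"
    umask 077                                  # new files are owner-only
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    # Inside a script, % needs no backslash (that is only a crontab rule).
    out="$dir/mysql-backup-$(date +%Y-%m-%d_%H-%M-%S).sql.gz"
    tmp="$(mktemp "$dir/.dump.XXXXXX")" || return 1

    # Credentials come from the option file, so they are in neither the
    # world-readable /etc/crontab nor the process list.
    # --defaults-extra-file has to be the first option.
    if ! "$MYSQLDUMP" --defaults-extra-file="$CNF" "$db" > "$tmp"; then
        rm -f "$tmp"                           # never keep a partial dump
        echo "mysqldump failed for $db" >&2
        return 1
    fi
    gzip -c "$tmp" > "$out" && rm -f "$tmp" || { rm -f "$tmp" "$out"; return 1; }

    # Retention: remove compressed dumps older than KEEP_DAYS days.
    find "$dir" -name 'mysql-backup-*.sql.gz' -mtime +"$KEEP_DAYS" -exec rm -f {} +
    echo "$out"
}

# Run only when called with both arguments, as cron would.
if [ "$#" -eq 2 ]; then backup_db "$1" "$2"; fi
```

Writing the dump to a temporary file first means the exit status of mysqldump is checked directly; in the one-line pipeline, only the exit status of gzip is seen.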

VPS Setup: Install Free SSL From LetsEncrypt

This is a subpost of the larger post Updated Comprehensive VPS Setup Documentation.


LetsEncrypt allows us to set up free SSL certificates for our virtualhosts.

First, make sure you are in your root home directory “~” and then clone the LetsEncrypt git repository;

git clone

Enter the directory cd letsencrypt

And run the automatic script ./letsencrypt-auto --apache

It will ask which virtual hosts you want to install certificates for, and then it does all the work for you!


When you need to renew these, check out my tutorial Renewing Free LetsEncrypt SSL Certificates.

VPS Setup: Create A Virtual Host

This is a subpost of the larger post Updated Comprehensive VPS Setup Documentation.


Once you have your FQDN forwarded to the VPS, create a directory for it with;

mkdir /var/www/[fqdn]/

Now we make a new virtualhost conf file with this command. Again, substitute your fqdn;

cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/[fqdn].conf

Then edit the file with nano /etc/apache2/sites-available/[fqdn].conf

It needs to contain the following;

<VirtualHost *:80>
	ServerName [fqdn]

	DocumentRoot /var/www/[fqdn]/

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

Activate the new virtualhost with a2ensite [fqdn] and if you haven’t already done this, deactivate the default virtualhost with a2dissite 000-default.conf

Restart apache with service apache2 restart so the changes take effect.


Automated Backups

If you want to set up automated backups, create a new directory for the backups;

mkdir /var/backups/[fqdn]


Add the following line to /etc/crontab in order to facilitate automatic daily backups;
0 22 * * * root tar -czf /var/backups/[fqdn]/www-backup-$( date +'\%Y-\%m-\%d_\%H-\%M-\%S' ).tar.gz /var/www/[fqdn]


Or if you would prefer weekly backups every Sunday night, use this instead;

0 0 * * 0 root tar -czf /var/backups/[fqdn]/www-backup-$( date +'\%Y-\%m-\%d_\%H-\%M-\%S' ).tar.gz /var/www/[fqdn]

VPS Setup: Email Server

This is a subpost of the larger post Updated Comprehensive VPS Setup Documentation.


Many of my apps send lots of emails, so I usually need to set up a local outbound email server.

Secure the port with iptables -A INPUT -i eth0 -j REJECT -p tcp --dport 25

Install postfix for the server apt-get -y install postfix && apt-get -y install mailutils

Now edit the config files and change the interface to loopback-only like so;

nano /etc/postfix/

Find this line;

inet_interfaces =

And change to;

inet_interfaces =

Now edit the email aliases;

nano /etc/aliases

At the end of the file, make sure there is a line that starts with root and ends with your email, like so;


Save the file and exit. Then run newaliases to let Postfix apply the changes.

Restarting Postfix is not enough because we changed the interfaces line in the config file. We need to stop and start it like so;

postfix stop
postfix start
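
To confirm that the loopback-only change took effect, the check below (an added example, not from the original post) reads `ss -ltn` output and lists any listener on a given port that is bound to something other than loopback. The names exposed_listeners, check_smtp, SAMPLE_BEFORE and SAMPLE_AFTER are assumptions, and both samples are constructed output rather than captures from a real host.

```shell
#!/bin/sh
# Added example, not the original post's code. Assumed names:
# exposed_listeners, check_smtp, SAMPLE_BEFORE, SAMPLE_AFTER.

exposed_listeners() {   # usage: ss -ltn | exposed_listeners 25
    awk -v port="$1" '
        $1 == "LISTEN" {
            addr = $4                                  # local address:port column
            if (!match(addr, /:[0-9]+$/)) next         # port follows the last colon
            if (substr(addr, RSTART + 1) != port) next
            host = substr(addr, 1, RSTART - 1)
            gsub(/\[/, "", host); gsub(/\]/, "", host) # drop IPv6 brackets
            if (host ~ /^127\./ || host == "::1") next # loopback is acceptable
            print addr                                 # wildcard or routable address
        }'
}

# Constructed sample: Postfix still bound to every interface.
SAMPLE_BEFORE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      100          0.0.0.0:25        0.0.0.0:*
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      100             [::]:25           [::]:*'

# Constructed sample: after the loopback-only change and a stop/start.
SAMPLE_AFTER='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      100        127.0.0.1:25        0.0.0.0:*
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      100            [::1]:25           [::]:*'

check_smtp() {   # reads ss output on stdin; returns 1 if port 25 is exposed
    found="$(exposed_listeners 25)"
    if [ -n "$found" ]; then
        echo "port 25 exposed on: $(echo "$found" | tr '\n' ' ')"
        return 1
    fi
    echo "port 25 is loopback-only"
}

printf '%s\n' "$SAMPLE_BEFORE" | check_smtp || true
printf '%s\n' "$SAMPLE_AFTER"  | check_smtp
```

On the server itself, run `ss -ltn | check_smtp` after starting Postfix again.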

VPS Setup: Recommended Initial Installations

This is a subpost of the larger post Updated Comprehensive VPS Setup Documentation.


When initially setting up a VPS, I generally install the programs listed below. Before installing anything, it is important to first update and upgrade all packages already installed on the server with apt-get update && apt-get upgrade

  1. First, install Fail2Ban in order to prevent brute-forcing of SSH passwords
  2. Install Apache2
  3. Install MySQL Server
  4. Install PHP and its dependencies for MySQL and PHPMyAdmin
  5. Performance Tools
    1. Screenfetch lets you see system information
    2. Htop lets you see details about resource usage
    3. Nload lets you see details about network utilization
  6. NTP makes sure the time is kept up to date
  7. Git tracks changes in files and is required for LetsEncrypt

This command will do all of these things without prompting in between;

apt-get -y install fail2ban apache2 && apt-get -y install mysql-server && apt-get -y install php5 php-pear php5-mysql && apt-get -y install php5-mcrypt && php5enmod mcrypt && a2enmod rewrite && apt-get -y install php5-curl && service apache2 restart && mysql_secure_installation && apt-get -y install phpmyadmin && apt-get -y install screenfetch htop nload curl git ntp

You will be prompted to create a MySQL root password. PHPMyAdmin setup will ask you for this password, as will the MySQL Secure Installation tool.

VPS Setup: FQDN DNS Setup With GoDaddy

This is a subpost of the larger post Updated Comprehensive VPS Setup Documentation.


Once you have a VPS deployed and know its static IP, you can forward an FQDN to it by creating a new A Record. I use GoDaddy for my DNS registration because they are simple, reliable, and quick.

  1. In order to do this with GoDaddy, log into your account
  2. Next to “Domains” click on “Manage”
  3. Click on the domain you want to forward. If you want to forward a subdomain, click on the domain it will be a subdomain of
  4. Click over to the “DNS ZONE FILE” tab
  • If you are trying to forward a subdomain
    1. Click “Add Record”
    2. We want to create an “A Record”
    3. Use the subdomain as the hostname and then the static IP of the server as the “POINTS TO”
    4. Save changes
  • If you are trying to forward a domain
    1. Edit the record for the “@” host and point it to the static IP following the same directions as above.

VPS Setup: Deploying A New Virtual Private Server With Digital Ocean

This is a subpost of the larger post Updated Comprehensive VPS Setup Documentation.


I like Digital Ocean (Referral Link) for my VPS host.

The first step in creating a new VPS is to select a Linux distribution. I always use the most current version of Debian. At the time of this post, that is version 8.3 x64.

Decide on an FQDN and use it as the hostname and hit deploy!

It should take about a minute and then you will receive an email with the temporary root password. Use PuTTY to log in, and you will be prompted to change it.

Make sure to choose a root password with a high level of entropy.