This guide shows you how to generate and renew free SSL certificates using Let's Encrypt and Certbot on Ubuntu for your wexCommerce deployment.

1. Prerequisites
2. Generate Your Certificate
3. Certificate Renewal
   3.1. Test Renewal
   3.2. Schedule Automatic Renewal
4. You're All Set!

1. Install NGINX:

sudo apt update
sudo apt install nginx-full

2. Install Certbot via Snap:

sudo apt update
sudo apt install snapd
sudo snap install core; sudo snap refresh core
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot

Run the following command to generate and install an SSL certificate using Certbot with NGINX:

sudo certbot --nginx -d domain.com -d www.domain.com -d admin.domain.com --redirect --non-interactive --agree-tos --email your-email@example.com --keep-until-expiring

• Replace domain.com with your domain.
• Replace your-email@example.com with your email.

Your frontend will be accessible at https://domain.com

Your admin panel will be accessible at https://admin.domain.com

To ensure HTTP requests are redirected to HTTPS and to allow Let's Encrypt challenges, add the following NGINX configuration:

server {
    listen 80;
    server_name _;

    # Serve Let's Encrypt challenges without redirect
    location ^~ /.well-known/acme-challenge/ {
        root /var/lib/letsencrypt;
        default_type "text/plain";
        allow all;
    }

    # Redirect everything else to HTTPS
    location / {
        return 301 https://$host$request_uri;
    }
}

Then check the configuration and restart NGINX:

sudo nginx -t
sudo systemctl restart nginx

To make sure certbot certificate renewal will work, create a test challenge file to ensure Certbot will work properly:

sudo mkdir -p /var/lib/letsencrypt/.well-known/acme-challenge
echo "ok" | sudo tee /var/lib/letsencrypt/.well-known/acme-challenge/test
curl http://domain.com/.well-known/acme-challenge/test

You should see ok in the output.

To test certificate renewal, run the following command:

sudo certbot renew --dry-run

To automatically renew certificates before expiration, edit the crontab::

sudo crontab -e

Add the following cron job:

00 00,12 * * * certbot renew --post-hook "systemctl restart nginx wexcommerce"

This cron job is scheduled to run Certbot twice daily and restart the nginx and wexcommerce services if certificates are renewed. It runs at 00:00 and 12:00 every day.

Your wexCommerce platform is now secured with HTTPS and automatically renews certificates before they expire. Be sure to monitor email notifications from Let's Encrypt in case of issues.