Saturday, October 21, 2017

Free SSL Certificate with Let's Encrypt


1. Install git
apt-get install git

2. Create Let's Encrypt source directory
mkdir /opt/letsencrypt

3. Clone source of Let's Encrypt
git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt

4. Stop the web server (apache, tomcat, nginx...), because a running server can cause a port 443 error

5. Create certificate for specified domain
cd /opt/letsencrypt 
./letsencrypt-auto certonly --standalone -d example.com -d www.example.com

6. All certificates are created in /etc/letsencrypt/live

7. Configure fullchain.pem as the certificate file and privkey.pem as the key file

For HAProxy, create a combined .pem file
cat fullchain.pem privkey.pem > secure.pem
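
The cat command above writes secure.pem with the shell's default umask, so with a typical umask of 022 the private key ends up in a world-readable file. An added example (not from the original post) that builds the same file with owner-only permissions and an atomic rename; the function name build_haproxy_pem and its two arguments are assumptions for illustration:

```sh
#!/bin/sh
# Added example: build the combined HAProxy PEM without exposing the
# private key through default file permissions.
# build_haproxy_pem LIVE_DIR OUT_FILE   (hypothetical helper)
#   LIVE_DIR: directory holding fullchain.pem and privkey.pem
#   OUT_FILE: combined file that HAProxy loads
build_haproxy_pem() {
    live_dir=$1
    out_file=$2

    # Refuse to build from missing or mislabelled inputs.
    [ -r "$live_dir/fullchain.pem" ] || { echo "missing fullchain.pem" >&2; return 1; }
    [ -r "$live_dir/privkey.pem" ]   || { echo "missing privkey.pem" >&2; return 1; }
    grep -q -e '-----BEGIN CERTIFICATE-----' "$live_dir/fullchain.pem" \
        || { echo "fullchain.pem has no certificate block" >&2; return 1; }
    grep -q -e 'PRIVATE KEY-----' "$live_dir/privkey.pem" \
        || { echo "privkey.pem has no private key block" >&2; return 1; }

    # Subshell so the tightened umask does not leak into the caller.
    (
        umask 077
        tmp=$(mktemp "$out_file.XXXXXX") || exit 1
        # Write to a temp file in the same directory, then rename, so HAProxy
        # never reads a half-written file and the old one survives a failure.
        if cat "$live_dir/fullchain.pem" "$live_dir/privkey.pem" > "$tmp" \
            && chmod 600 "$tmp" \
            && mv -f "$tmp" "$out_file"; then
            exit 0
        fi
        rm -f "$tmp"
        exit 1
    )
}
```

Calling it from the renewal script after letsencrypt-auto finishes keeps secure.pem in step with the renewed certificate.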

By default, Let's Encrypt issues certificates valid for 90 days, so we need to configure automatic renewal

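1. Create the auto_renew_cert.sh file as below:
#!/bin/sh
cd /opt/letsencrypt || exit 1   # do not run git pull in the wrong directory
git pull                        # update the Let's Encrypt client
service nginx stop              # free the port for --standalone
./letsencrypt-auto certonly --quiet --standalone --renew-by-default -d example.com
service nginx start             # runs even if the renewal failed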


2. Execute it from crontab monthly
echo '@monthly root sh /root/auto_renew_cert.sh >> /var/log/letsencrypt/letsencrypt-auto-update.log' | sudo tee --append /etc/crontab