Securing web sites with the HTTPS protocol brings many advantages, including better rankings in search engine optimization (SEO). Many certificate authorities provide SSL/TLS certificates, and some of them are free. Let's Encrypt is a reputable non-profit certificate authority that provides certificates at no charge. Let's Encrypt is supported by the Certbot software, which reduces certificate creation to a few easy steps.
The sample is based on Alpine version 3.14.2 with Python 3.9.5 installed. The root user is used to run all commands below.
1. Install Python3 and Pip
Python is needed to run Certbot and to install the NGINX plugin.
apk add --update python3 py3-pip
2. Install Certbot
apk add certbot
3. Install NGINX plugin
pip install certbot-nginx
4. Generate certificate
certbot --nginx
Follow the instructions to create a new certificate.
5. Renew certificate interactively
certbot renew
6. Renew certificate automatically
Validate if crontab service is running.
rc-service --list | grep -i crond
Output.
crond
If it is not running, start and enable the crontab service.
rc-service crond start && rc-update add crond
Create a script to renew the certificate automatically.
The location is /etc/periodic/daily/renew_letsencrypt.
#!/bin/sh
# Sleep for a random time of up to one hour, then renew quietly.
# Scripts in /etc/periodic run as root, so sudo is not needed.
python3 -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew -q
The script runs the certificate renewal every day between 2:00 am and 3:00 am. A certificate is renewed only if fewer than 30 days remain until its expiration date.
Make the script executable.
chmod a+x /etc/periodic/daily/renew_letsencrypt
Validate the script.
run-parts --test /etc/periodic/daily
Output.
/etc/periodic/daily/renew_letsencrypt
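The daily job only helps if it keeps succeeding, so it is worth checking the certificates themselves. The script below is an added example, not part of the original post: it flags any certificate with fewer than 20 days left, which means Certbot's 30-day renewal has been failing for a while. The 20-day threshold, the function names, and Certbot's default /etc/letsencrypt/live layout are assumptions.

```shell
#!/bin/sh
# Added example: report certificates that should already have been renewed.
# Assumptions: certbot's default directory layout and an installed openssl.

LIVE_DIR="${LIVE_DIR:-/etc/letsencrypt/live}"  # one sub-directory per certificate
WARN_DAYS="${WARN_DAYS:-20}"                   # assumed threshold, below certbot's 30 days

# expires_within CERT DAYS
# Returns 0 if CERT expires (or has expired) within DAYS days.
# Fails closed: an unreadable or malformed file is also reported.
expires_within() {
    # "openssl x509 -checkend N" exits 0 only if the certificate
    # is still valid N seconds from now.
    ! openssl x509 -noout -checkend "$(( $2 * 86400 ))" -in "$1" >/dev/null 2>&1
}

# check_live_certs
# Prints one warning per problem certificate; returns non-zero if any was found.
check_live_certs() {
    problems=0
    for cert in "$LIVE_DIR"/*/cert.pem; do
        [ -e "$cert" ] || continue   # glob did not match: nothing issued yet
        if expires_within "$cert" "$WARN_DAYS"; then
            echo "WARNING: $cert expires within $WARN_DAYS days or is unreadable"
            problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ]
}

check_live_certs
```

Run as its own script, it exits non-zero whenever at least one certificate is inside the warning window, so the result can feed whatever alerting is already in place.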
7. Upgrade Certbot monthly
It is important to keep the Certbot software up to date.
Create a script named /etc/periodic/monthly/upgrade_certbot.
#!/bin/sh
# Upgrade the pip-installed NGINX plugin for Certbot.
pip3 install --upgrade certbot-nginx
Make the script executable.
chmod a+x /etc/periodic/monthly/upgrade_certbot
Validate the script.
run-parts --test /etc/periodic/monthly
Output.
/etc/periodic/monthly/upgrade_certbot