Lego – LetsEncrypt client

Lego is a Let’s Encrypt client and ACME library written in Go.

Install Lego

To install go to the release page, download the latest version.

Create SSL certificate

To create an SSL certificate standalone (built-in webserver), run

If you need to verify using port 443, use “–tls” instead of “–http”

Verify SSL using webroot (existing webserver)

Issue Wildcard SSL using manual DNS verification

Renew SSL certificate

To renew the SSL certificate, use the same command as SSL creation with “run” replaced with

–days 30 means SSL will be renewed if the expiry date is with 30 days. If you need to force renew SSL, use –days 90.

Now run

You need to restart the webserver after running this command.

Renew Hook

If you need to execute a script after SSL renewal, you can add


If you are using the standalone method, you need to stop the webserver before running the lego command.

SSL certificates will be in the directory

Make it readable by the web server with the command

See letsencrypt

Need help with Linux Server or WordPress? We can help!

Leave a Reply

Your email address will not be published. Required fields are marked *