Challenge - 5 Problems

🎖️

Let's Encrypt Mastery

Get all challenges correct to earn this badge!

Test your skills under time pressure!

💻 Command Output

intermediate

2:00remaining

What is the output of the Certbot command for obtaining a certificate?

You run the command sudo certbot certonly --nginx -d example.com. What output indicates a successful certificate issuance?

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Error: Could not bind to port 80.

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Certificate request pending approval.

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer None
Obtaining a new certificate
Successfully received certificate.

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Failed authorization procedure.

Attempts:

2 left

❓ Configuration

intermediate

2:00remaining

Which nginx server block configuration correctly enables HTTPS with Let's Encrypt certificate?

Given you have obtained certificates stored in /etc/letsencrypt/live/example.com/, which server block correctly configures nginx for HTTPS?

server {
    listen 443 ssl;
    server_name example.com;
    ssl_certificate /etc/letsencrypt/live/example.com/cert.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    location / {
        root /var/www/html;
    }
}

server {
    listen 80 ssl;
    server_name example.com;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    location / {
        root /var/www/html;
    }
}

server {
    listen 443;
    server_name example.com;
    ssl_certificate /etc/letsencrypt/live/example.com/cert.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/key.pem;
    location / {
        root /var/www/html;
    }
}

server {
    listen 443 ssl;
    server_name example.com;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    location / {
        root /var/www/html;
    }
}

Attempts:

2 left

❓ Troubleshoot

advanced

2:00remaining

Why does Certbot fail with 'Could not bind to port 80' error?

You run sudo certbot certonly --standalone -d example.com but get an error about binding to port 80. What is the most likely cause?

AThe firewall is blocking outgoing connections from Certbot.

BAnother service like nginx is already using port 80, blocking Certbot's standalone server.

CThe domain name is not correctly pointed to your server's IP address.

DThe SSL certificate files are missing from /etc/letsencrypt/live.

Attempts:

2 left

🔀 Workflow

advanced

2:00remaining

What is the correct renewal workflow for Let's Encrypt certificates with nginx and Certbot?

Which sequence correctly describes the steps to renew certificates automatically with Certbot and nginx?

1. Run &lt;code&gt;certbot renew&lt;/code&gt; manually or via cron
2. Certbot renews certificates if near expiry
3. Reload nginx to apply renewed certificates

1. Stop nginx
2. Run &lt;code&gt;certbot certonly --standalone&lt;/code&gt;
3. Start nginx

1. Delete old certificates
2. Run &lt;code&gt;certbot certonly --nginx&lt;/code&gt;
3. Restart nginx

1. Run &lt;code&gt;certbot --nginx&lt;/code&gt; every day
2. Reload nginx if certificates changed

Attempts:

2 left

✅ Best Practice

expert

3:00remaining

Which practice ensures secure and reliable automatic renewal of Let's Encrypt certificates with nginx?

Choose the best practice for automatic certificate renewal and nginx configuration to avoid downtime and security risks.

AUse Certbot's systemd timer for automatic renewal and configure nginx with a separate server block for HTTP to redirect to HTTPS.

BManually run Certbot renew weekly and restart nginx only if errors occur.

CDisable automatic renewal and renew certificates only when nginx shows SSL errors.

DUse Certbot standalone mode with nginx running and rely on manual reloads after renewal.

Attempts:

2 left