Secure Shift with Let's Encrypt


Let’s Encrypt is a Certificate Authority (CA) that provides an easy way to obtain and install free TLS/SSL certificates, thereby enabling encrypted HTTPS on web servers. It simplifies the process by providing a software client, certbot, that attempts to automate most (if not all) of the required steps.

In this tutorial, I will show you how to use the free-ssl script to obtain and renew a free SSL certificate and use it with Shift on Ubuntu 16.04.


To complete this tutorial, you will need:

  • To have a working Shift instance
  • Your own domain. You can get a free one for one year at dot.tk
    • Your domain will look something like this –> subdomain.domain.tk
  • An A Record that points your domain to the public IP address of your server
  • To know your network interface
    • Run ifconfig and write it down (normally it is eth0, eth1, eth2, ens1, ens2, ens3…)


First of all you’ll need to clone the GitHub repository to your server:

cd ~
git clone https://github.com/nytrobound/free-ssl.git
cd free-ssl

To generate and install the trusted SSL certificate, run: bash installssl.sh
The script will guide you through the installation process.


renewssl.sh checks the expiring date of your certificate and renew it, if the expiration date is less than 30 days. However, you will need to add a cronjob with crontab -e to automatically execute the script.

Make sure to replace $SSLUSER with the username you ran the script on!

Example:* 12 * * WED bash /home/$SSLUSER/free-ssl/start_renew.sh >> /home/$SSLUSER/free-ssl/logs/cron.log

This cronjob checks and renews your SSL certificate every Wednesday at 12pm.

You can also use Crontab Generator to generate a custom cronjob.



