Secure Yii2 Project with Let’s Encrypt on Ubuntu 14.04

In this article, I want to provide you with a simple way to secure your site with Let’s Encrypt.

Let’s Encrypt is a new Certificate Authority (CA) that provides an easy way to obtain and install free TLS/SSL certificates, thereby enabling encrypted HTTPS on web servers.

Let’s assume that your site is built with the Yii2 PHP framework, uses Nginx as the HTTP server, Ajenti for server administration, and Git.

I will use a Yii2 advanced project as the example.

Let’s assume that you have 2 sites:


This is a typical structure of Yii2 advanced project:


Step 1

  • Go to the folder /backend/web/ and create a folder .well-known;
  • in this folder create .gitignore file with the following content:


Do the same thing in the /frontend/web/ folder.

Step 2

Open the file /environments/index.php and add the .well-known folder to the setWritable section. It should look like this:


Step 3

Commit and push your changes to the server.

--- All of the following steps should be done on your VPS ---

Run this command in the project root folder:

php ./init --env=YourEnv --overwrite=All

Step 4

Clone Let’s Encrypt
sudo git clone /opt/letsencrypt

Step 5

Go to your Ajenti dashboard


Open tab Websites and click Manage


Open Advanced tab and add the following:

location ~ /.well-known {
    allow all;
}

Here’s what you’ll get, as a result:



Step 6

In the VPS console, go to the folder with cd /opt/letsencrypt and run the following commands:

./letsencrypt-auto certonly -a webroot --webroot-path=/path/to/project/backend/web -d


./letsencrypt-auto certonly -a webroot --webroot-path=/path/to/project/frontend/web -d

Following the prompt, enter an email address that will be used for notices and lost key recovery:


Then you must accept the Let’s Encrypt Subscriber Agreement. Select ‘Agree’:


Step 7

Generate a strong Diffie-Hellman group:

sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

Step 8

Go back to the Ajenti panel and add the SSL files to your site configurations:


In the field “SSL certificate path”, add the path to the file

/etc/letsencrypt/live/ /fullchain.pem

and in the field “SSL key path”, add the path to the file

/etc/letsencrypt/live/ /privkey.pem

Same for site.

Step 9

Add a cron job; it is needed for automatic renewal.

CRON job

30 2 * * 1 /opt/letsencrypt/letsencrypt-auto renew >> /var/log/le-renew.log

35 2 * * 1 /etc/init.d/nginx reload
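
The cron job above fails silently if a renewal stops working, so a separate expiry check is useful. The script below is an added example, not part of the original article: it reports every site under a live directory whose fullchain.pem expires within a given number of days. The function names, the script name and the 20-day threshold are assumptions; the threshold assumes the client renews certificates that have fewer than 30 days left.

```shell
#!/bin/sh
# Added example: report certificates that are close to expiry, which means
# the weekly renew job is not doing its work.

# Return 0 if the certificate file $1 expires within $2 days.
# A missing or unreadable file also counts as a problem.
cert_expires_within() {
    cert=$1
    window=$2
    [ -r "$cert" ] || return 0
    # -checkend N exits 0 only if the cert is still valid N seconds from now.
    # For a fullchain.pem, openssl reads the first certificate (the leaf).
    if openssl x509 -in "$cert" -noout \
        -checkend $((window * 86400)) >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# Print the directory name of every site under $1 whose fullchain.pem
# expires within $2 days. Return 1 if at least one was printed.
check_live_certs() {
    live_dir=$1
    days=$2
    status=0
    for pem in "$live_dir"/*/fullchain.pem; do
        [ -e "$pem" ] || continue      # the glob matched nothing
        if cert_expires_within "$pem" "$days"; then
            basename "$(dirname "$pem")"
            status=1
        fi
    done
    return $status
}

# Usage (hypothetical script name): sh check-certs.sh /etc/letsencrypt/live 20
if [ "$#" -eq 2 ]; then
    check_live_certs "$1" "$2" || echo "renewal needs attention" >&2
fi
```
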


Now you can visit your sites



Enjoy 🙂
