Official Tutorial

• Make sure letsencrypt-auto is executable (chmod +x letsencrypt-auto)
• Use the command ./letsencrypt-auto certonly -a manual -d YOURDOMAIN.org -d www.YOURDOMAIN.org for all subdomains you want to include.
• After a few screens, during which you’ll need to enter your email address, and give permission for you IP to be logged, you’ll be asked to add a page to your site.

Make sure your web server displays the following content at
http://YOURDOMAIN.org/.well-known/acme-challenge/5TBu788fW0tQ5EOwZMdu1Gv3e9C33gxjV58hVtWTbDM
before continuing:

5TBu788fW0tQ5EOwZMdu1Gv3e9C33gxjV58hVtWTbDM.ewlbSYgvIxVOqiP1lD2zeDKWBGEZMRfO_4kJyLRP_4U

\#
\# output omitted
\#

Press ENTER to continue

• Once you do that, you’ll be asked to enter another page, same as above. Once added you’ll have saved files in /etc/letsencrypt/live/YOURDOMAIN.org/fullchain.pem and /etc/letsencrypt/live/YOURDOMAIN.org/privkey.pem.
• Enter these values in your gitlab.io project. Settings (gear on the top right) > Pages > + New Domain.
• fullchaim.pem —> Certificate (PEM) | privkey.pem —> Key (PEM) | Do this for each (sub)domain you specified in Step 2.
• It might take a little while, but your updated certificate should start to show up in ~10-15 minutes.