Certbot

Certbot is a free, open source software tool for automatically using Let’s Encrypt certificates on manually-administrated websites to enable HTTPS.

Certbot and auto-renewal need to be set up first. Then, when you set up a new site, you can just run:
certbot --nginx
It will let you automatically generate and deploy the certificate, and it will ask whether you want it to create the redirect from HTTP to HTTPS.
You can also name the domains explicitly:
certbot --nginx -d example.com -d www.example.com
sudo certbot --nginx -d sergiobasic.com -d www.sergiobasic.com

Or use the simple approach:

web-server:/var/www# certbot --nginx
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: example1.com
2: example2.com
3: example3.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for example1.com
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/example1.conf
Redirecting all traffic on port 80 to ssl in /etc/nginx/sites-enabled/example1.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled
https://example1.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/example1.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/example1.com/privkey.pem

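Nginx SSL config

   # Certificate chain and private key
   ssl_certificate /etc/nginx/ssl/example1/example1_chain.crt;
   ssl_certificate_key /etc/nginx/ssl/example1/example1.key;
   # TLSv1 and TLSv1.1 are deprecated (RFC 8996); list them only if legacy clients still need them
   ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
   # 3DES is a legacy 64-bit block cipher; drop the +3DES entries unless old clients require them
   ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
   ssl_prefer_server_ciphers   on;

   # TLS session reuse and upload size limit
   ssl_session_cache   shared:SSL:20m;
   ssl_session_timeout 60m;
   client_max_body_size 50M;
   # Optional security headers (disabled here)
   #add_header Strict-Transport-Security "max-age=31536000";
   #add_header X-Content-Type-Options nosniff;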
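
A small audit of the TLS directives in the config above, added here as an example (it is not part of the original article, Certbot or Nginx). It flags the TLSv1/TLSv1.1 protocols, the 3DES suites and the commented-out HSTS header, and returns the directives with those entries removed. The function names and the TLSv1.2 fallback are assumptions of this example.

```python
# Constructed sample: the TLS-related directives from the config above.
SAMPLE = """\
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
ssl_prefer_server_ciphers on;
#add_header Strict-Transport-Security "max-age=31536000";
"""

DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # TLS 1.0/1.1: RFC 8996
WEAK_PARTS = {"3DES", "DES", "RC4", "MD5", "NULL", "aNULL", "eNULL", "EXPORT"}

def directives(conf):
    """Yield (name, args) per active one-line directive; '#' lines are skipped."""
    for line in conf.splitlines():
        line = line.strip()
        if line.endswith(";") and line[0] not in "#;":
            name, *rest = line[:-1].split(None, 1)
            yield name, rest[0].strip() if rest else ""

def is_weak(token):
    """True if an enabled cipher token such as ECDH+3DES names a weak algorithm."""
    if token.startswith(("!", "-")):  # exclusions/removals do not enable anything
        return False
    return any(part in WEAK_PARTS for part in token.lstrip("+").split("+"))

def audit(conf):
    """Return (findings, hardened directives) for the TLS settings in conf."""
    findings, out, hsts = [], [], False
    for name, args in directives(conf):
        if name == "ssl_protocols":
            protos = args.split()
            findings += [f"deprecated protocol {p}" for p in protos if p in DEPRECATED]
            # Assumption: fall back to TLSv1.2 if nothing current was listed.
            args = " ".join(p for p in protos if p not in DEPRECATED) or "TLSv1.2"
        elif name == "ssl_ciphers":
            tokens = args.strip("'\"").split(":")
            findings += [f"weak cipher {t}" for t in tokens if is_weak(t)]
            args = ":".join(t for t in tokens if not is_weak(t))
        elif name == "add_header" and args.startswith("Strict-Transport-Security"):
            hsts = True
        out.append(f"{name} {args};")
    if not hsts:
        findings.append("HSTS header not active")
    return findings, "\n".join(out)

if __name__ == "__main__":
    found, hardened = audit(SAMPLE)
    print("\n".join(found), hardened, sep="\n\n")
```

HSTS is only reported, not switched on automatically, because browsers will refuse plain HTTP for the whole max-age once they have seen the header.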

 
