blockloop · April 3, 2016 14:18
diff --git a/crontab b/crontab
 0 3 1 * *       /var/www/_utils/update_certs.sh > /dev/null
diff --git a/default-site b/default-site
 # nginx config for default site
 # i.e. /etc/nginx/sites-enabled/default

 server {
    server_name  *.blockloop.io;
    listen 443 ssl spdy;
    spdy_headers_comp 6;
    spdy_keepalive_timeout 300;
    keepalive_timeout 300;
    ssl_certificate /etc/letsencrypt/live/www.blockloop.io/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.blockloop.io/privkey.pem;
    ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;
    ssl_prefer_server_ciphers on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 24h;
    ssl_stapling on;
    ssl_stapling_verify on;
    rewrite ^ https://www.blockloop.io$request_uri? permanent;
 }
diff --git a/update_certs.sh b/update_certs.sh
 #!/bin/sh

 cd /opt/letsencrypt

 service nginx stop && \
 ./letsencrypt-auto certonly --agree-tos --renew-by-default -d blockloop.io -d blog.blockloop.io -d www.blockloop.io; \
 service nginx start
	# nginx config for default site
	# i.e. /etc/nginx/sites-enabled/default

	server {
	server_name *.blockloop.io;
	listen 443 ssl spdy;
	spdy_headers_comp 6;
	spdy_keepalive_timeout 300;
	keepalive_timeout 300;
	ssl_certificate /etc/letsencrypt/live/www.blockloop.io/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/www.blockloop.io/privkey.pem;
	ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;
	ssl_prefer_server_ciphers on;
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_session_cache shared:SSL:10m;
	ssl_session_timeout 24h;
	ssl_stapling on;
	ssl_stapling_verify on;
	rewrite ^ https://www.blockloop.io$request_uri? permanent;
	}
	#!/bin/sh

	cd /opt/letsencrypt

	service nginx stop && \
	./letsencrypt-auto certonly --agree-tos --renew-by-default -d blockloop.io -d blog.blockloop.io -d www.blockloop.io; \
	service nginx start