Let's Encrypt + Nginx

lets_encrypt_nginx.txt

apt-get update

apt-get install nginx

wget https://dl.eff.org/certbot-auto

chmod a+x certbot-auto

./certbot-auto

server {
    listen 80;
    server_name domain.com www.domain.com;
    root /var/www/domain;
}

./certbot-auto certonly --webroot -w /var/www/domain -d domain.com -d www.domain.com

./certbot-auto renew --dry-run

./certbot-auto renew --quiet --no-self-upgrade 

crontab -e
0 0 12 1/89 * ? * /path/to/certbot-auto renew --quiet --no-self-upgrade

vim /etc/nginx/sites-enabled/default.conf

server {
    listen 80;
    listen 443 ssl;
    server_name domain.com www.domain.com;
    ssl_protocols TLSv1.2;
    ssl_ciphers EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
    ssl_prefer_server_ciphers On;
    ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/domain.com/chain.pem;
    ssl_session_cache shared:SSL:128m;
    add_header Strict-Transport-Security "max-age=31557600; includeSubDomains";
    ssl_stapling on;
    ssl_stapling_verify on;

    root /var/www/domain;
    index index.html;

    location '/.well-known/acme-challenge' {
        root        /var/www/domain;
    }

    location / {
        if ($scheme = http) {
            return 301 https://$server_name$request_uri;
        }
    }
}