@jbutko
Last active July 24, 2018 06:46
Auto setup https on nginx with let's encrypt

HTTPS setup on Nginx server with Let's Encrypt

  1. download the certbot tool: sudo git clone https://github.com/certbot/certbot /opt/certbot
  2. generate certs: sudo /opt/certbot/certbot-auto --nginx
  3. in the menu, select the domain for which you want to generate SSL certs
  4. in the next menu, select whether you want both HTTP and HTTPS access to your site or HTTPS exclusively

That's all, your site is now running under https.

If you want to make the HTTPS connection more secure, generate 4096-bit Diffie-Hellman (DH) parameters (could take almost 20 minutes):

  1. sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 4096
  2. include the newly generated pem file in the server configuration, next to the SSL configuration:

server {
      ...
      ssl_dhparam /etc/ssl/certs/dhparam.pem;
      ...
}

  3. verify nginx syntax: sudo nginx -t
  4. restart nginx service: sudo service nginx restart

To renew the certificate automatically, create a new cron entry:

  1. sudo crontab -e
  2. check cert renewal once per week (Mondays at 03:00):

0 3 * * 1 /opt/certbot/certbot-auto --nginx renew --quiet --non-interactive >> /var/log/letsencrypt-renew.log
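The weekly cron entry above appends only stdout to the log, and with --quiet certbot prints nothing except errors, which go to stderr and are lost. An added example (not part of the original gist): a wrapper for that cron entry that logs both streams with timestamps and refuses to restart nginx when nginx -t fails. The CERTBOT, NGINX, RESTART and LOG override variables and the --run switch are assumptions of this example.

```shell
#!/bin/sh
# Added example: cron wrapper around the renewal command from this page.
# The commands can be overridden through environment variables (an
# assumption of this example) so the logic can be exercised with stubs.
CERTBOT="${CERTBOT:-/opt/certbot/certbot-auto}"
NGINX="${NGINX:-nginx}"
RESTART="${RESTART:-service nginx restart}"
LOG="${LOG:-/var/log/letsencrypt-renew.log}"

# Append a timestamped line to the log file.
log() { printf '%s %s\n' "$(date '+%Y-%m-%dT%H:%M:%S')" "$*" >> "$LOG"; }

# Log the error and also write it to stderr: cron mails any output a job
# produces, so a failure reaches the admin instead of sitting in the log.
fail() { log "ERROR: $*"; echo "letsencrypt-renew: $*" >&2; }

# Returns 0 on success, 1 if renewal failed, 2 if the nginx config is
# invalid, 3 if the restart failed.
renew_and_restart() {
    log "renewal check started"
    # Capture stderr too: with --quiet, errors are the only output.
    "$CERTBOT" --nginx renew --quiet --non-interactive >> "$LOG" 2>&1 \
        || { fail "certbot renew failed"; return 1; }
    # Never restart on a broken config, nginx would not come back up.
    "$NGINX" -t >> "$LOG" 2>&1 \
        || { fail "nginx -t failed, nginx left running untouched"; return 2; }
    # RESTART is deliberately unquoted so "service nginx restart" splits.
    $RESTART >> "$LOG" 2>&1 \
        || { fail "nginx restart failed"; return 3; }
    log "renewal check finished"
}

# Only act when asked to, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    renew_and_restart
fi
```

Saved as, for example, /usr/local/sbin/le-renew.sh (hypothetical path), the cron line becomes: 0 3 * * 1 /usr/local/sbin/le-renew.sh --run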

=======

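If certificate generation fails, add these lines to your site's nginx config:

# Anchored prefix match; the original regex form (~ .well-known/acme-challenge/)
# matched that string anywhere in the URI.
location ^~ /.well-known/acme-challenge/ {
      root /var/www/letsencrypt;
      default_type text/plain;
}

Alternative approach to get HTTPS certificates (standalone mode starts its own temporary web server, so port 80 must be free while it runs):

sudo /opt/certbot/certbot-auto certonly --standalone -d www.site.com -d site.com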

// inspiration: https://arashmilani.com/post?id=95
