- Register domain and add your email now
- Introduction to Basic Concepts
- Create a login keypair
- Get a server (Digital Ocean)
- Point the domain at your server (an A Record)
- Log in and install stuff
- Buy the certificate with SSLMate
- Tell nginx to serve that domain and your certificate
- You did it
- Some advanced configuration
- In conclusion
Recommended: iwantmyname.
Preference: a .com.
Can't use: a .org, .io, or .voyage. Possibly others.
ssh-keygen
- Digital Ocean
- Upload your keypair.
- Make a new droplet with your hostname.
- Find the IP address.
- Go to your DNS provider and point your A record to it.
Log in with the private key you made, to the IP address you made:
ssh -i /path/to/key [email protected]Install nginx:
add-apt-repository ppa:nginx/stable
apt-get update
apt-get -y install nginxwget -P /etc/apt/sources.list.d https://sslmate.com/apt/ubuntu1404/sslmate.list
wget -P /etc/apt/trusted.gpg.d https://sslmate.com/apt/ubuntu1404/sslmate.gpg
apt-get update
apt-get -y install sslmatesslmate buy [yourdomain.com]Download the example config:
cd /etc/nginx/sites-enabled
wget https://gist.githubusercontent.com/konklone/eed13074734b46f901a4/raw/0013afd16864c1600130255b4ba4debdfd7e8a8c/mysite.confEdit it to add your domain and key path:
nano mysite.confMake a little landing page.
cd /usr/share/nginx/html
rm index.html
nano index.htmlCheck it's okay:
nginx -tRestart nginx:
service nginx restart
-
Advanced nginx SSL config options.
-
Making the key and CSR yourself:
openssl genrsa -aes256 -out my-private-encrypted.key 2048
openssl rsa -in my-private-encrypted.key -out my-private-decrypted.key
openssl req -new -sha256 -key my-private-decrypted.key -out mydomain.com.csr- Getting the cert through a traditional CA, e.g. Namecheap domain certificates..
- CloudFlare
- Amazon S3
- GitHub Pages
Also see letsencrypt if you want to take it a step further and generate your own ssl keys...
https://github.com/dlapiduz/letsencrypt-s3front