Examples of getting certificates from Let's Encrypt working on Apache, NGINX and Node.js servers.
I chose to use the manual method, you have to make a file available to verify you own the domain. Follow the commands from running
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
./letsencrypt-auto certonly --manual --email [email protected] -d example.com
This creates a directory: /etc/letsencrypt/live/example.com/
containing certificate files:
- cert.pem
- chain.pem
- fullchain.pem
- privkey.pem
var https = require('https');
var fs = require('fs');
var options = {
key: fs.readFileSync('/etc/letsencrypt/live/example.com/privkey.pem'),
cert: fs.readFileSync('/etc/letsencrypt/live/example.com/cert.pem'),
ca: fs.readFileSync('/etc/letsencrypt/live/example.com/chain.pem')
};
https.createServer(options, function (req, res) {
res.writeHead(200);
res.end("hello world\n");
}).listen(8000);
// variant for express
https.createServer(options, app)
.listen(config.port);
LoadModule ssl_module libexec/apache2/mod_ssl.so
Listen 443
<VirtualHost *:443>
ServerName example.com
SSLEngine on
SSLCertificateFile "/etc/letsencrypt/live/example.com/cert.pem"
SSLCertificateKeyFile "/etc/letsencrypt/live/example.com/privkey.pem"
SSLCertificateChainFile "/etc/letsencrypt/live/example.com/chain.pem"
</VirtualHost>
Create a config file at /etc/nginx/sites-available/example
:
server {
listen 443 ssl;
server_name example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
}
Add a symbolic link:
$ sudo ln -s /etc/nginx/sites-available/example /etc/nginx/sites-enabled/example
And restart nginx:
$ sudo service nginx restart.