Skip to content

Instantly share code, notes, and snippets.

@thiagosf

thiagosf/certbot.md

Last active September 17, 2016 20:16
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save thiagosf/930a8484422e70eba978d0624f23251e to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save thiagosf/930a8484422e70eba978d0624f23251e to your computer and use it in GitHub Desktop.
Download ZIP
Passos para novo certificado do https://certbot.eff.org
Raw
certbot.md

Passos para gerar certificado SSL gratuito

https://letsencrypt.org/getting-started/

Parar NGINX

service nginx stop

Gerar certificado

./certbot-auto certonly --standalone -d sub.dominio.com

Atualizar configuração do NGINX do domínio

server {
  listen 443 ssl;
  ssl_certificate /etc/letsencrypt/live/sub.dominio.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/sub.dominio.com/privkey.pem;
  # from https://cipherli.st/
  # and https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_prefer_server_ciphers on;
  ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
  ssl_ecdh_curve secp384r1;
  ssl_session_cache shared:SSL:10m;
  ssl_session_tickets off;
  ssl_stapling on;
  ssl_stapling_verify on;
  resolver 8.8.8.8 8.8.4.4 valid=300s;
  resolver_timeout 5s;
  # Disable preloading HSTS for now.  You can use the commented out header line that includes
  # the "preload" directive if you understand the implications.
  #add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
  add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
  add_header X-Frame-Options DENY;
  add_header X-Content-Type-Options nosniff;
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment