LetsEncrypt with Nginx on Debian
To set up letsencrypt with Nginx, first install the prerequisites
apt-get update
apt-get install nano
Download the letsencrypt client file (certbot-auto)
cd /usr/local/sbin
wget https://dl.eff.org/certbot-auto
If you haven't already, install Nginx
apt-get update
apt-get install nginx
Make the letsencrypt client file executable
chmod a+x /usr/local/sbin/certbot-auto
Add the .well-known directory to your nginx configuration to make sure it will be accessible to the letsencrypt client
nano /etc/nginx/sites-available/default
Add the following location block to the server block in your Nginx configuration
location ~ /.well-known {
    allow all;
}
Restart Nginx
service nginx restart
Generate the SSL certificate using the letsencrypt client
Change --webroot-path if needed, and replace example.com and www.example.com with your own domain
certbot-auto certonly -a webroot --webroot-path=/usr/share/nginx/html -d example.com -d www.example.com
If everything was successful, you should end up seeing something like this
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/example.com/fullchain.pem. Your
cert will expire on 2017-01-03. To obtain a new or tweaked version
of this certificate in the future, simply run certbot-auto again.
To non-interactively renew *all* of your certificates, run
"certbot-auto renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
To add the SSL certificate to your website, you will again need to edit the configuration file
nano /etc/nginx/sites-available/default
Find the server block, and comment out the lines that configure the server to listen on port 80.
Next, configure your server to listen on port 443. (Note: replace all instances of example.com with your own domain)
listen 443 ssl;
server_name example.com www.example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
Now restart Nginx to load the new SSL certificate
service nginx restart
To renew your certificates, you can run
certbot-auto renew
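The webroot method used above is validated over plain HTTP on port 80, so "certbot-auto renew" needs that port to keep answering requests under /.well-known/acme-challenge/. The configuration below is an added example, not part of the original guide: instead of commenting out port 80, it keeps a small port 80 server that serves only the challenge directory and redirects everything else to HTTPS. example.com and /usr/share/nginx/html are the guide's placeholder values; the root and index lines in the 443 block are assumptions.

```nginx
# Added example; adjust the domain names and webroot to your own setup.

# Port 80: answer ACME HTTP-01 challenges, redirect everything else to HTTPS.
server {
    listen 80;
    server_name example.com www.example.com;

    # Only the challenge directory is served over plain HTTP.
    # ^~ stops regex locations from taking over this prefix.
    location ^~ /.well-known/acme-challenge/ {
        root /usr/share/nginx/html;   # must match --webroot-path
        default_type "text/plain";
        try_files $uri =404;          # never fall through to an app or index
    }

    # All other plain-HTTP requests are sent to the HTTPS site.
    location / {
        return 301 https://$host$request_uri;
    }
}

# Port 443: the site itself, using the certificate issued above.
server {
    listen 443 ssl;
    server_name example.com www.example.com;

    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    root  /usr/share/nginx/html;      # assumption: static site in the webroot
    index index.html;
}
```

Run "nginx -t" before restarting to confirm the configuration parses, and "certbot-auto renew --dry-run" afterwards to confirm the challenge path is still reachable.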