Certbot: Difference between revisions
No edit summary |
No edit summary |
||
Line 59: | Line 59: | ||
* More SSL config advice here: https://mozilla.github.io/server-side-tls/ssl-config-generator/ | * More SSL config advice here: https://mozilla.github.io/server-side-tls/ssl-config-generator/ | ||
* Test with this: | * Test automated certificate renewal with this: | ||
<pre> | <pre> | ||
sudo certbot renew --dry-run | sudo certbot renew --dry-run | ||
</pre> | </pre> |
Revision as of 20:01, 29 November 2018
certbot connects to Let's Encrypt to obtain an SSL certificate for your server.
- Install packages
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-nginx
- Create the file /etc/nginx/snippets/ssl-certbot.conf:
# support for certbot ssl auto-renewal
location ^~ /.well-known/ {
    default_type "text/plain";
    root /var/www/html/;
}
- Create the well-known directory for verification:
mkdir -p /var/www/html/.well-known
- Include the following line in the ssl config for each domain:
include snippets/ssl-certbot.conf;
- Test with
nginx -t
- Reload nginx
- Now run a command like this:
certbot certonly --webroot --webroot-path=/var/www/html \
    -d example.com \
    -d domain1.example.com \
    -d domain2.example.com
The output should tell you where the SSL certificate and key are located.
- Add a new SSL config snippet like this at /etc/nginx/snippets/example.com:
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
- Call this snippet from your nginx config:
include snippets/example.com;
- Test at SSL Labs: https://www.ssllabs.com/ssltest/
- More SSL config advice here: https://mozilla.github.io/server-side-tls/ssl-config-generator/
- Test automated certificate renewal with this:
sudo certbot renew --dry-run
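A pre-flight check for the webroot setup above, added here as an example and not part of the original page: it writes a throwaway file where certbot places its challenge and fetches it back for each domain, so a missing ssl-certbot.conf include or a wrong root shows up before certbot is run. The function names and the FETCH override are assumptions of this example; the default fetch needs curl, and writing under /var/www/html may need root.

```shell
#!/bin/sh
# Added example: confirm each domain serves files from the webroot that
# certbot --webroot will write its challenge into.

# Command used to GET a URL. -L follows redirects, as the validator does.
# Overridable so the check can be exercised without a live server.
: "${FETCH:=curl -fsSL --max-time 10}"

# probe_domain WEBROOT DOMAIN
# Returns 0 if a file written under WEBROOT/.well-known/acme-challenge/
# comes back unchanged from http://DOMAIN/.well-known/acme-challenge/.
probe_domain() {
    pd_dir="$1/.well-known/acme-challenge"
    pd_name="preflight-$$"
    pd_body="probe-$$-$2"
    mkdir -p "$pd_dir" || return 2
    printf '%s' "$pd_body" > "$pd_dir/$pd_name" || return 2
    pd_got=$($FETCH "http://$2/.well-known/acme-challenge/$pd_name") || pd_got=
    rm -f "$pd_dir/$pd_name"    # never leave the probe file behind
    [ -n "$pd_got" ] && [ "$pd_got" = "$pd_body" ]
}

# preflight WEBROOT DOMAIN...
# Prints one line per domain; the return value is the number of failures.
preflight() {
    pf_root=$1
    shift
    pf_fail=0
    for pf_d in "$@"; do
        if probe_domain "$pf_root" "$pf_d"; then
            echo "ok    $pf_d"
        else
            echo "FAIL  $pf_d (challenge path not served from $pf_root)"
            pf_fail=$((pf_fail + 1))
        fi
    done
    return "$pf_fail"
}

# Run directly: sh preflight.sh /var/www/html example.com domain1.example.com
if [ "$#" -ge 2 ]; then preflight "$@"; fi
```

A domain reported as FAIL here would also fail certbot's webroot validation, so fix the nginx include or root for it before requesting the certificate.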