Installing LetsEncrypt
First You need to run commands below.
sudo apt-get update sudo apt-get -y install git bc sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt |
Run this once and complete installation.
/opt/letsencrypt/letsencrypt-auto |
Configuring default website for webroot plugin
To use webroot plugin need to edit default website config and change location block. Letsencrypt use this site as validation.
sudo vi /etc/nginx/sites-available/default |
location ~ /.well-known { allow all; } |
Reload nginx configuration.
sudo service nginx reload |
Then you can request and create your certificate.
Getting Certificate
Following command creates your certifcate files. You need to change webroot-path and domain name with yours. webroot path should be your default website’s home directory.
cd /opt/letsencrypt ./letsencrypt-auto certonly -a webroot --webroot-path=/usr/share/nginx/html -d gokhanacar.net -d www.gokhanacar.net |
Follow wizard and complete steps.
After this Letsencrypt creates links of certificate files in /etc/letsencrypt/live/ folder.
Configure Nginx
add following lines to server block of your website configuration file listen 443 and use your ssl files.
listen 443 ssl; server_name gokhanacar.net www.gokhanacar.net; ssl on; ssl_certificate /etc/letsencrypt/live/gokhanacar.net/cert.pem; ssl_certificate_key /etc/letsencrypt/live/gokhanacar.net/privkey.pem; ssl_trusted_certificate /etc/letsencrypt/live/gokhanacar.net/chain.pem; |
Renewing Certificate
Your certificate will be expire in 3 months. You can renew your certificates. If you want create a crontab and renew your certificates automaticly.
/opt/letsencrypt/letsencrypt-auto renew sudo service nginx reload |