@0x263b
Last active November 13, 2018 18:45
Nginx + Let's Encrypt

First, set up your cert directory

$ mkdir /var/www/dehydrated
$ cd /var/www/dehydrated

Download dehydrated, and make it runnable.

$ wget https://raw.githubusercontent.com/lukas2511/dehydrated/master/dehydrated
$ chmod u+x dehydrated

Add a location block to your example.com nginx config pointing to the dehydrated directory (goes inside the server{} block)

location ^~ /.well-known/acme-challenge {
	alias /var/www/dehydrated;
}

Restart nginx

$ service nginx restart

Now run the script with your domain

$ ./dehydrated -c -d example.com

Congratulations, you have some certs.

Go back to your example.com nginx config, add the certs and 301 redirect http requests.

# Redirect all http traffic
server {
	listen 80;
	server_name example.com;
	return 301 https://$host$request_uri;
}

server {
	listen 443 ssl;
	
	root /var/www/example.com;
	index index.html index.htm;
	
	server_name example.com;
	add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";

	ssl_certificate /var/www/dehydrated/certs/example.com/fullchain.pem;
	ssl_certificate_key /var/www/dehydrated/certs/example.com/privkey.pem;

	location ^~ /.well-known/acme-challenge {
		alias /var/www/dehydrated;
	}
}

Restart nginx

$ service nginx restart

You're done!
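
The location block above aliases /.well-known/acme-challenge to /var/www/dehydrated, the same directory that holds certs/example.com/privkey.pem. The check below is an added example, not part of the original gist. It lists every PEM private key inside the served directory and whether its file mode lets other users, such as the nginx worker, read it. `audit_challenge_root` is a hypothetical helper name, and the check assumes it runs as the user that owns the dehydrated files.

```shell
#!/bin/sh
# Added example, not part of the gist. Assumes it runs as the user that owns
# the dehydrated files (so it can read them). audit_challenge_root is a
# hypothetical helper name.

# Print "<label> <path>" for every PEM private key under the directory nginx
# serves for /.well-known/acme-challenge. Returns 1 if any were found,
# 0 if none, 2 if the argument is not a directory.
#   WORLD-READABLE  key file has the "other" read bit set
#   OWNER-ONLY      key is in the served tree, file mode keeps others out
audit_challenge_root() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    findings=$(find "$root" -type f -exec sh -c '
        for f do
            # Identify keys by their PEM header, not by file name.
            head -n 1 "$f" 2>/dev/null | grep -q -e "PRIVATE KEY-----" || continue
            if [ -n "$(find "$f" -prune -perm -004)" ]; then
                echo "WORLD-READABLE $f"
            else
                echo "OWNER-ONLY $f"
            fi
        done' sh {} +)
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Example: audit_challenge_root /var/www/dehydrated
```

A clean result (exit status 0, no output) means the served directory holds only challenge tokens. Any OWNER-ONLY line means the key is kept private by file permissions alone.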
