@BarbaraEster
Created July 5, 2018 20:03
Please deploy a DNS TXT record under the name
_acme-challenge.myselfinmylife.com with the following value:
O8iAw0N2GgmdeKRU6A6UvAA3hCPrZtq3m1FAILL1Fgg
Before continuing, verify the record is deployed.
-------------------------------------------------------------------------------
Press Enter to Continue
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/myselfinmylife.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/myselfinmylife.com/privkey.pem
Your cert will expire on 2018-10-03. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
root@on3w-cool:/# cd /etc/letsencrypt/live/myselfinmylife.com
root@on3w-cool:/etc/letsencrypt/live/myselfinmylife.com# ls
cert.pem chain.pem fullchain.pem privkey.pem README
root@on3w-cool:/etc/letsencrypt/live/myselfinmylife.com# cd /usr/local/bin
root@on3w-cool:/usr/local/bin# wget https://raw.githubusercontent.com/lesaff/serverpilot-letsencrypt/master/sple.sh
--2018-07-05 19:51:39-- https://raw.githubusercontent.com/lesaff/serverpilot-letsencrypt/master/sple.sh
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 151.101.4.133
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|151.101.4.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 8984 (8.8K) [text/plain]
Saving to: ‘sple.sh’
sple.sh 100%[===========================================================================================>] 8.77K --.-KB/s in 0s
2018-07-05 19:51:39 (41.1 MB/s) - ‘sple.sh’ saved [8984/8984]
root@on3w-cool:/usr/local/bin# sudo chmod a+x sple.sh
root@on3w-cool:/usr/local/bin# sple.sh
Let's Encrypt is not installed/found. Would you like to continue to install it?
Y or Ny
Get:1 http://security.ubuntu.com/ubuntu xenial-security InRelease [107 kB]
Hit:2 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial InRelease
Hit:3 http://archive.ubuntu.com/ubuntu xenial InRelease
Get:4 http://archive.ubuntu.com/ubuntu xenial-updates InRelease [109 kB]
Ign:5 https://download.serverpilot.io/ubuntu xenial InRelease
Hit:6 https://download.serverpilot.io/ubuntu xenial Release
Get:8 http://archive.ubuntu.com/ubuntu xenial-backports InRelease [107 kB]
Get:9 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages [804 kB]
Get:10 http://archive.ubuntu.com/ubuntu xenial-updates/main i386 Packages [733 kB]
Get:11 http://archive.ubuntu.com/ubuntu xenial-updates/universe amd64 Packages [641 kB]
Get:12 http://archive.ubuntu.com/ubuntu xenial-updates/universe i386 Packages [585 kB]
Get:13 http://archive.ubuntu.com/ubuntu xenial-updates/universe Translation-en [258 kB]
Get:14 http://archive.ubuntu.com/ubuntu xenial-updates/multiverse amd64 Packages [16.4 kB]
Get:15 http://archive.ubuntu.com/ubuntu xenial-updates/multiverse i386 Packages [15.5 kB]
Fetched 3,374 kB in 2s (1,559 kB/s)
Reading package lists... Done
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
linux-headers-4.4.0-116 linux-headers-4.4.0-116-generic linux-image-4.4.0-116-generic linux-image-extra-4.4.0-116-generic
Use 'sudo apt autoremove' to remove them.
The following NEW packages will be installed:
letsencrypt
0 upgraded, 1 newly installed, 0 to remove and 7 not upgraded.
Need to get 5,546 B of archives.
After this operation, 13.3 kB of additional disk space will be used.
Get:1 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial/main amd64 letsencrypt all 0.25.0-1+ubuntu16.04.1+certbot+1 [5,546 B]
Fetched 5,546 B in 0s (26.2 kB/s)
Selecting previously unselected package letsencrypt.
(Reading database ... 137132 files and directories currently installed.)
Preparing to unpack .../letsencrypt_0.25.0-1+ubuntu16.04.1+certbot+1_all.deb ...
Unpacking letsencrypt (0.25.0-1+ubuntu16.04.1+certbot+1) ...
Setting up letsencrypt (0.25.0-1+ubuntu16.04.1+certbot+1) ...
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Let's Encrypt SSL Certificate Generator
For ServerPilot-managed server instances
Written by Rudy Affandi (2016)
https://github.com/lesaff/
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Please enter your app name:
myselfinmylife
Please enter the System User name for the app:
serverpilot
Please enter all the domain names and sub-domain names
you would like to use, separated by space
myselfinmylife.com myselfinmylife.com
Generating SSL certificate for myselfinmylife
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Cert not yet due for renewal
You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/myselfinmylife.com.conf)
What would you like to do?
-------------------------------------------------------------------------------
1: Keep the existing certificate for now
2: Renew & replace the cert (limit ~5 per 7 days)
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Keeping the existing certificate
-------------------------------------------------------------------------------
Certificate not yet due for renewal; no action taken.
-------------------------------------------------------------------------------
Creating configuration file /etc/nginx-sp/letsencrypt.d/letsencrypt-acme-challenge.conf for ACME
location ~ /\.well-known\/acme-challenge {
allow all;
}
location = /.well-known/acme-challenge/ {
return 404;
}
Creating configuration file for myselfinmylife in the /etc/nginx-sp/vhosts.d
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name
myselfinmylife.com myselfinmylife.com ;
ssl on;
# letsencrypt certificates
ssl_certificate /etc/letsencrypt/live/myselfinmylife.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/myselfinmylife.com/privkey.pem;
#SSL Optimization
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:20m;
ssl_session_tickets off;
# modern configuration
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
# OCSP stapling
ssl_stapling on;
ssl_stapling_verify on;
# verify chain of trust of OCSP response
ssl_trusted_certificate /etc/letsencrypt/live/myselfinmylife.com/chain.pem;
#root directory and logfiles
root /srv/users/serverpilot/apps/myselfinmylife/public;
access_log /srv/users/serverpilot/log/myselfinmylife/myselfinmylife_nginx.access.log main;
error_log /srv/users/serverpilot/log/myselfinmylife/myselfinmylife_nginx.error.log;
#proxyset
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-SSL on;
proxy_set_header X-Forwarded-Proto $scheme;
#includes
include /etc/nginx-sp/vhosts.d/myselfinmylife.d/*.conf;
include /etc/nginx-sp/letsencrypt.d/*.conf;
}
We're almost done here. Opening HTTPS Port and Restarting nginx...
Rule added
Rule added (v6)
Your Let's Encrypt SSL certificate has been installed. Please update your .htaccess to force HTTPS on your app
To enable auto-renewal, add the following to your crontab:
0 */12 * * * letsencrypt renew && service nginx-sp reload