Please deploy a DNS TXT record under the name | |
_acme-challenge.myselfinmylife.com with the following value: | |
O8iAw0N2GgmdeKRU6A6UvAA3hCPrZtq3m1FAILL1Fgg | |
Before continuing, verify the record is deployed. | |
------------------------------------------------------------------------------- | |
Press Enter to Continue | |
Waiting for verification... | |
Cleaning up challenges | |
IMPORTANT NOTES: | |
- Congratulations! Your certificate and chain have been saved at: | |
/etc/letsencrypt/live/myselfinmylife.com/fullchain.pem | |
Your key file has been saved at: | |
/etc/letsencrypt/live/myselfinmylife.com/privkey.pem | |
Your cert will expire on 2018-10-03. To obtain a new or tweaked | |
version of this certificate in the future, simply run certbot | |
again. To non-interactively renew *all* of your certificates, run | |
"certbot renew" | |
- If you like Certbot, please consider supporting our work by: | |
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate | |
Donating to EFF: https://eff.org/donate-le | |
root@on3w-cool:/# cd /etc/letsencrypt/live/myselfinmylife.com | |
root@on3w-cool:/etc/letsencrypt/live/myselfinmylife.com# ls | |
cert.pem chain.pem fullchain.pem privkey.pem README | |
root@on3w-cool:/etc/letsencrypt/live/myselfinmylife.com# cd /usr/local/bin | |
root@on3w-cool:/usr/local/bin# wget https://raw.githubusercontent.com/lesaff/serverpilot-letsencrypt/master/sple.sh | |
--2018-07-05 19:51:39-- https://raw.githubusercontent.com/lesaff/serverpilot-letsencrypt/master/sple.sh | |
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 151.101.4.133 | |
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|151.101.4.133|:443... connected. | |
HTTP request sent, awaiting response... 200 OK | |
Length: 8984 (8.8K) [text/plain] | |
Saving to: ‘sple.sh’ | |
sple.sh 100%[===========================================================================================>] 8.77K --.-KB/s in 0s | |
2018-07-05 19:51:39 (41.1 MB/s) - ‘sple.sh’ saved [8984/8984] | |
root@on3w-cool:/usr/local/bin# sudo chmod a+x sple.sh | |
root@on3w-cool:/usr/local/bin# sple.sh | |
Let's Encrypt is not installed/found. Would you like to continue to install it? | |
Y or Ny | |
Get:1 http://security.ubuntu.com/ubuntu xenial-security InRelease [107 kB] | |
Hit:2 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial InRelease | |
Hit:3 http://archive.ubuntu.com/ubuntu xenial InRelease | |
Get:4 http://archive.ubuntu.com/ubuntu xenial-updates InRelease [109 kB] | |
Ign:5 https://download.serverpilot.io/ubuntu xenial InRelease | |
Hit:6 https://download.serverpilot.io/ubuntu xenial Release | |
Get:8 http://archive.ubuntu.com/ubuntu xenial-backports InRelease [107 kB] | |
Get:9 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages [804 kB] | |
Get:10 http://archive.ubuntu.com/ubuntu xenial-updates/main i386 Packages [733 kB] | |
Get:11 http://archive.ubuntu.com/ubuntu xenial-updates/universe amd64 Packages [641 kB] | |
Get:12 http://archive.ubuntu.com/ubuntu xenial-updates/universe i386 Packages [585 kB] | |
Get:13 http://archive.ubuntu.com/ubuntu xenial-updates/universe Translation-en [258 kB] | |
Get:14 http://archive.ubuntu.com/ubuntu xenial-updates/multiverse amd64 Packages [16.4 kB] | |
Get:15 http://archive.ubuntu.com/ubuntu xenial-updates/multiverse i386 Packages [15.5 kB] | |
Fetched 3,374 kB in 2s (1,559 kB/s) | |
Reading package lists... Done | |
Reading package lists... Done | |
Building dependency tree | |
Reading state information... Done | |
The following packages were automatically installed and are no longer required: | |
linux-headers-4.4.0-116 linux-headers-4.4.0-116-generic linux-image-4.4.0-116-generic linux-image-extra-4.4.0-116-generic | |
Use 'sudo apt autoremove' to remove them. | |
The following NEW packages will be installed: | |
letsencrypt | |
0 upgraded, 1 newly installed, 0 to remove and 7 not upgraded. | |
Need to get 5,546 B of archives. | |
After this operation, 13.3 kB of additional disk space will be used. | |
Get:1 http://ppa.launchpad.net/certbot/certbot/ubuntu xenial/main amd64 letsencrypt all 0.25.0-1+ubuntu16.04.1+certbot+1 [5,546 B] | |
Fetched 5,546 B in 0s (26.2 kB/s) | |
Selecting previously unselected package letsencrypt. | |
(Reading database ... 137132 files and directories currently installed.) | |
Preparing to unpack .../letsencrypt_0.25.0-1+ubuntu16.04.1+certbot+1_all.deb ... | |
Unpacking letsencrypt (0.25.0-1+ubuntu16.04.1+certbot+1) ... | |
Setting up letsencrypt (0.25.0-1+ubuntu16.04.1+certbot+1) ... | |
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= | |
Let's Encrypt SSL Certificate Generator | |
For ServerPilot-managed server instances | |
Written by Rudy Affandi (2016) | |
https://github.com/lesaff/ | |
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= | |
Please enter your app name: | |
myselfinmylife | |
Please enter the System User name for the app: | |
serverpilot | |
Please enter all the domain names and sub-domain names | |
you would like to use, separated by space | |
myselfinmylife.com myselfinmylife.com | |
Generating SSL certificate for myselfinmylife | |
Saving debug log to /var/log/letsencrypt/letsencrypt.log | |
Plugins selected: Authenticator webroot, Installer None | |
Cert not yet due for renewal | |
You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry. | |
(ref: /etc/letsencrypt/renewal/myselfinmylife.com.conf) | |
What would you like to do? | |
------------------------------------------------------------------------------- | |
1: Keep the existing certificate for now | |
2: Renew & replace the cert (limit ~5 per 7 days) | |
------------------------------------------------------------------------------- | |
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1 | |
Keeping the existing certificate | |
------------------------------------------------------------------------------- | |
Certificate not yet due for renewal; no action taken. | |
------------------------------------------------------------------------------- | |
Creating configuration file /etc/nginx-sp/letsencrypt.d/letsencrypt-acme-challenge.conf for ACME | |
# ACME HTTP-01 challenge locations written to letsencrypt-acme-challenge.conf.
# Regex location: the pattern has no ^ anchor, so it matches any request URI
# that contains /.well-known/acme-challenge, and permits access from every
# client address.
location ~ /\.well-known\/acme-challenge { | |
allow all; | |
} | |
# Exact-match location for the bare challenge directory. nginx checks exact
# matches before regex locations, so the directory itself answers 404 while
# individual token files under it are still handled by the block above.
location = /.well-known/acme-challenge/ { | |
return 404; | |
} | |
Creating configuration file for myselfinmylife in the /etc/nginx-sp/vhosts.d | |
# HTTPS virtual host generated for the app: listens on 443 over IPv4 and IPv6
# with TLS and HTTP/2, uses the Let's Encrypt certificate files, serves from the
# app's public directory and pulls in the per-app and ACME-challenge includes.
server { | |
listen 443 ssl http2; | |
listen [::]:443 ssl http2; | |
# NOTE(review): the same hostname is listed twice; one entry is enough.
server_name | |
myselfinmylife.com myselfinmylife.com ; | |
# NOTE(review): redundant with the `ssl` flag on both listen lines above. The
# standalone `ssl` directive is deprecated since nginx 1.15.0 and removed in
# 1.25.1, where it makes the configuration fail to load.
ssl on; | |
# letsencrypt certificates | |
# privkey.pem is the certificate's private key; keep it readable by root only.
ssl_certificate /etc/letsencrypt/live/myselfinmylife.com/fullchain.pem; | |
ssl_certificate_key /etc/letsencrypt/live/myselfinmylife.com/privkey.pem; | |
#SSL Optimization | |
# Sessions are resumed from a 20 MB cache shared between workers; session
# tickets are disabled.
ssl_session_timeout 1d; | |
ssl_session_cache shared:SSL:20m; | |
ssl_session_tickets off; | |
# modern configuration | |
# NOTE(review): despite the label above, this line enables TLS 1.0 and TLS 1.1
# (both deprecated by RFC 8996), and the cipher list still offers CBC-mode
# SHA-1 suites and DHE-DSS entries. Restrict ssl_protocols to TLSv1.2 (plus
# TLSv1.3 where the nginx/OpenSSL build supports it) and trim the cipher list
# to AEAD suites unless legacy clients must be served.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | |
ssl_prefer_server_ciphers on; | |
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK'; | |
# OCSP stapling | |
# NOTE(review): nginx needs a `resolver` to look up the OCSP responder host;
# none is set in this block, so confirm one is inherited from the http context.
ssl_stapling on; | |
ssl_stapling_verify on; | |
# verify chain of trust of OCSP response | |
ssl_trusted_certificate /etc/letsencrypt/live/myselfinmylife.com/chain.pem; | |
#root directory and logfiles | |
root /srv/users/serverpilot/apps/myselfinmylife/public; | |
access_log /srv/users/serverpilot/log/myselfinmylife/myselfinmylife_nginx.access.log main; | |
error_log /srv/users/serverpilot/log/myselfinmylife/myselfinmylife_nginx.error.log; | |
#proxyset | |
# Headers passed to an upstream. No proxy_pass appears in this block, so these
# presumably take effect in locations defined by the included per-app files;
# confirm, because a location that sets its own proxy_set_header does not
# inherit these.
proxy_set_header Host $host; | |
proxy_set_header X-Real-IP $remote_addr; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header X-Forwarded-SSL on; | |
proxy_set_header X-Forwarded-Proto $scheme; | |
#includes | |
# Per-app snippets first, then the ACME challenge locations.
include /etc/nginx-sp/vhosts.d/myselfinmylife.d/*.conf; | |
include /etc/nginx-sp/letsencrypt.d/*.conf; | |
} | |
We're almost done here. Opening HTTPS Port and Restarting nginx... | |
Rule added | |
Rule added (v6) | |
Your Let's Encrypt SSL certificate has been installed. Please update your .htaccess to force HTTPS on your app | |
To enable auto-renewal, add the following to your crontab: | |
0 */12 * * * letsencrypt renew && service nginx-sp reload | |