If you're running EasyEngine on an Nginx Server, follow these instructions to add your new Intercom custom help center domain to your server, encrypt it with SSL via LetsEncrypt, and proxy the traffic over to Intercom’s help center.

EasyEngine-SSL-Article.md

INSTRUCTIONS KINDLY PROVIDED BY JESSICA FROM TELECOM.LIVE

We will start this tutorial assuming that you already created a site using EasyEngine, and need to add a sub domain help.example.com, where example.com is to be replaced with your domain in all areas mentioned below. This tutorial is based on the os for Ubuntu 16.04 LTS, but should work on most Linux.

Update DNS Records:

(Note: If you have already setup a CNAME to point to custom.intercom.help — as per Intercom’s instructions — you need to delete that or the two settings will conflict and will lead to unpredictable results.)

The first step is to go to your DNS and add two A records (it’s very important that you add both your help.example.com and www.help.example.com domains otherwise LetsEncrypt will not issue a second SSL for your server!). Point the following domains:

• help.example.com pointed to your server IP address
• www.help.example.com pointed to the same server IP as above

Create Subdomain for help.example.com

Create the subdomain on easyengine by running this code:

sudo ee site create help.example.com --html

Add LetsEncrypt SSL Certificate:

Encrypt it with LetsEncrypt by running this code:

sudo ee site update help.example.com --letsencrypt  

Edit Server Config file:

Edit the server config file to indicate the use of our proxy site (intercom) that’s hosting our new help center by typing this code into the command line:

sudo ee site edit help.example.com

You can leave all settings from the output the same, just replace the “location” code with this location code:

    location / {
        
        set $intercom "https://custom.intercom.help:443"; 
        
        proxy_pass $intercom;

        proxy_redirect      off;

        proxy_set_header    Host            $host;

        proxy_set_header    X-Real-IP       $remote_addr;

        proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;

 }

Press Control & X to exit and save Press Y, then enter to save/write to server

Restart Server:

sudo ee stack restart

That’s it, EasyEngine will do the rest! Pretty fast and easy!

To renew your SSL certificate, simply run:

sudo ee site update help.example.com --letsencrypt=renew 

(Note, if you are getting an error code for renewal that your IP doesn’t match - you may have to remove the location code snippet you added above, renew the certificate, then restore it back)

If your new help.example.com domain is getting a ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY error in Google Chrome Browser for not complying with Google latest TLS requirements, enter this code in the command line to open and edit your ssl config file:

sudo nano /var/www/help.example.com/conf/nginx/ssl.conf

Add this code right below the existing 4 lines to update your TLS into compliance:

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

ssl_prefer_server_ciphers on;

ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";

ssl_ecdh_curve secp384r1;

ssl_session_tickets off;

ssl_stapling on;

ssl_stapling_verify on;

resolver_timeout 5s;

add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";

add_header X-Frame-Options DENY;

add_header X-Content-Type-Options nosniff;

Press Control & X to exit and save Press Y, then enter to save/write to server

Restart Server:

sudo ee stack restart

Google Chrome problem fixed! Happy helping with Intercom's Articles help center 😃