Last active
February 22, 2017 09:44
-
-
Save alex-min/158f35f604b24e163ae9 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; | |
| ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; | |
| ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | |
| ssl_prefer_server_ciphers on; | |
| ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; | |
| ssl_session_cache shared:SSL:10m; | |
| ssl_dhparam /etc/ssl/certs/dhparam.pem; | |
| ssl_session_timeout 1d; | |
| ssl_session_tickets off; | |
| ssl_stapling on; | |
| ssl_stapling_verify on; | |
| add_header X-Frame-Options DENY; | |
| add_header Strict-Transport-Security max-age=15768000; | |
| add_header X-Xss-Protection "1; mode=block"; | |
| add_header X-Content-Type-Options nosniff; | |
| location ~ /.well-known { allow all; } |
to generate dhparams.pem
cd /etc/ssl/certs
openssl dhparam -out dhparam.pem 4096(takes a long time)
Then add your website to https://sslcatch.com which is going to send you an email 60days before the expiration, just in case your crontab does not work.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
To renew the certificate: