@borsch
Created September 12, 2020 16:00

Setup SSL

%DOMAIN% - your domain
%EMAIL% - email for Let's Encrypt notifications

Create the file /etc/nginx/conf.d/https_custom.conf with the content below:

server {
  listen       443 default_server ssl;
  server_name  localhost;
  # 497 = plain HTTP request sent to the HTTPS port; redirect it to HTTPS
  error_page  497 https://$host$request_uri;

  ssl_certificate      /etc/letsencrypt/live/%DOMAIN%/fullchain.pem;
  ssl_certificate_key  /etc/letsencrypt/live/%DOMAIN%/privkey.pem;

  ssl_session_timeout  5m;
  # TLS 1.1 is deprecated (RFC 8996), so only TLS 1.2 is enabled
  ssl_protocols  TLSv1.2;
  ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
  ssl_prefer_server_ciphers   on;

  # Redirect any request that was not negotiated over TLS
  if ($ssl_protocol = "") {
    rewrite ^ https://$host$request_uri? permanent;
  }

  location / {
      proxy_http_version 1.1;
      proxy_set_header        Host            $host;
      proxy_set_header        X-Real-IP       $remote_addr;
      proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
      # Pass WebSocket upgrade requests through to the backend
      # (the earlier empty Connection header was redundant with this one)
      proxy_set_header        Upgrade         $http_upgrade;
      proxy_set_header        Connection      "upgrade";
      proxy_pass          http://localhost:5000;
      proxy_read_timeout  90;
  }
}

Run the following bash commands:

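# Note: the EFF has since deprecated certbot-auto
sudo wget https://dl.eff.org/certbot-auto && sudo chmod a+x certbot-auto
sudo rm -rf /opt/eff.org/*
sudo pip install -U certbot
# Standalone mode runs its own temporary web server, so nginx is stopped while the certificate is issued
sudo ./certbot-auto certonly --debug --non-interactive --email %EMAIL% --agree-tos --standalone --domains %DOMAIN% --keep-until-expiring --pre-hook "sudo service nginx stop" --post-hook "sudo service nginx start"
# Stable alias for the certificate directory (the original used an undefined ${certdomain} variable)
sudo ln -sfn /etc/letsencrypt/live/%DOMAIN% /etc/letsencrypt/live/ebcert
sudo service nginx restart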
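
A pre-reload check for the config file created above, as an added example that is not part of the original gist: it flags %DOMAIN%-style placeholders that were never substituted, deprecated entries in ssl_protocols, and missing certificate directives. The function names, the constructed sample config and the message texts are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the gist): audit an nginx TLS config before reloading.
# Prints one finding per line; returns 0 when clean, 1 when anything was found.
# Simplification: everything after '#' on a line is treated as a comment.
audit_tls_conf() {
  body=$(sed 's/#.*//' "$1")
  count=0
  note() { echo "$1"; count=$((count + 1)); }

  # 1. Template placeholders such as %DOMAIN% must have been substituted.
  left=$(printf '%s\n' "$body" | grep -Eo '%[A-Z_]+%' | sort -u | tr '\n' ' ')
  [ -z "$left" ] || note "unsubstituted placeholder: ${left% }"

  # 2. ssl_protocols must be set and must not enable deprecated versions.
  protocols=$(printf '%s\n' "$body" |
    sed -n 's/^[[:space:]]*ssl_protocols[[:space:]]\{1,\}\([^;]*\);.*/\1/p')
  [ -n "$protocols" ] || note "ssl_protocols not set"
  for p in $protocols; do
    case "$p" in
      SSLv2|SSLv3|TLSv1|TLSv1.1) note "deprecated protocol enabled: $p" ;;
    esac
  done

  # 3. Both the certificate and its private key must be configured.
  for d in ssl_certificate ssl_certificate_key; do
    printf '%s\n' "$body" | grep -Eq "^[[:space:]]*${d}[[:space:]]" ||
      note "missing directive: $d"
  done

  [ "$count" -eq 0 ]
}

# Constructed sample: a template with %DOMAIN% unfilled and TLSv1.1 still enabled.
sample_conf() {
  cat <<'EOF'
server {
  listen 443 default_server ssl;
  ssl_certificate      /etc/letsencrypt/live/%DOMAIN%/fullchain.pem;
  ssl_certificate_key  /etc/letsencrypt/live/%DOMAIN%/privkey.pem;
  ssl_protocols  TLSv1.1 TLSv1.2;   # weak setting kept for the demo
}
EOF
}

tmp=$(mktemp)
sample_conf > "$tmp"
audit_tls_conf "$tmp" || echo "fix the findings above, then run 'nginx -t' and restart"
rm -f "$tmp"
```

Point it at /etc/nginx/conf.d/https_custom.conf after filling in the placeholders and before the final nginx restart.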