@ivanrosolen
Last active January 4, 2017 21:08
Let's Encrypt + Nginx
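# Install nginx
apt-get update
apt-get install nginx

# Download certbot-auto and run it once to bootstrap it
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
./certbot-auto

# Minimal HTTP server block so the webroot challenge can be served
server {
    listen 80;
    server_name domain.com www.domain.com;
    root /var/www/domain;
}

# Request the certificate using the webroot plugin
./certbot-auto certonly --webroot -w /var/www/domain -d domain.com -d www.domain.com

# Test renewal, then run the renewal command that cron will use
./certbot-auto renew --dry-run
./certbot-auto renew --quiet --no-self-upgrade

# Schedule renewal (five-field crontab syntax: daily at 12:00;
# certbot only renews certificates that are close to expiry)
crontab -e
0 12 * * * /path/to/certbot-auto renew --quiet --no-self-upgrade

vim /etc/nginx/sites-enabled/default.conf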
# HTTP and HTTPS in one server block; plain-HTTP requests are redirected below
server {
    listen 80;
    listen 443 ssl;
    server_name domain.com www.domain.com;

    ssl_protocols TLSv1.2;
    # The EECDH+3DES and RSA+3DES entries still allow 64-bit-block 3DES suites
    ssl_ciphers EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/domain.com/chain.pem;
    ssl_session_cache shared:SSL:128m;
    add_header Strict-Transport-Security "max-age=31557600; includeSubDomains";
    ssl_stapling on;
    ssl_stapling_verify on;

    root /var/www/domain;
    index index.html;

    # Keep the ACME webroot challenge path reachable for renewals
    location '/.well-known/acme-challenge' {
        root /var/www/domain;
    }

    location / {
        if ($scheme = http) {
            return 301 https://$server_name$request_uri;
        }
    }
}
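
The cron job above renews the certificate but never reloads nginx, and nginx keeps serving the certificate it loaded at startup until it is reloaded. The wrapper below is an added example, not part of the original gist: it runs the same renew command and reloads nginx only when fullchain.pem changed and `nginx -t` passes. The script name, the `run` argument and the CERTBOT, NGINX and LIVE_CERT variables are assumptions.

```shell
#!/bin/sh
# Added example (not from the gist): renew, then reload nginx only if the
# certificate file changed and the nginx configuration test passes.
# Assumed names: CERTBOT, NGINX, LIVE_CERT, and the "run" argument.
CERTBOT="${CERTBOT:-/path/to/certbot-auto}"
NGINX="${NGINX:-nginx}"
LIVE_CERT="${LIVE_CERT:-/etc/letsencrypt/live/domain.com/fullchain.pem}"

# Print a checksum of the certificate file, or "missing" if it is absent.
cert_id() {
    if [ -f "$1" ]; then cksum < "$1"; else echo missing; fi
}

# Return codes: 0 ok (prints "reloaded" when nginx was reloaded),
# 1 renew failed, 2 nginx -t failed, 3 reload failed.
renew_and_reload() {
    before=$(cert_id "$LIVE_CERT")
    "$CERTBOT" renew --quiet --no-self-upgrade || return 1
    after=$(cert_id "$LIVE_CERT")
    # Unchanged file: nothing was renewed, leave nginx alone.
    [ "$before" = "$after" ] && return 0
    # Never reload on a configuration that does not parse.
    "$NGINX" -t -q || return 2
    "$NGINX" -s reload || return 3
    echo reloaded
}

# Crontab entry (path is a placeholder):
#   0 12 * * * /path/to/renew-and-reload.sh run
case "${1:-}" in
    run) renew_and_reload ;;
esac
```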