NginxをHTTP/2対応にする話 ref: http://qiita.com/lapis_zero09/items/bece76808492232da3f7

file1.txt

$ cd /usr/local/
$ git clone https://github.com/letsencrypt/letsencrypt
$ cd letsencrypt
$ ./letsencrypt-auto --help
$ ./letsencrypt-auto certonly --webroot -d www.{自分の契約しているドメイン} --webroot-path {公開したいドキュメントのルートここでは/var/www}

file2.txt

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/itochan.jp/fullchain.pem. Your cert
   will expire on 2016-03-08. To obtain a new version of the
   certificate in the future, simply run Lets Encrypt again.
 - If like Lets Encrypt, please consider supporting our work by:

   Donating to ISRG / Lets Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

file3.txt

$ su -
$ crontab -e

file4.txt

00 05 01 * * /usr/local/letsencrypt/letsencrypt-auto certonly --webroot -d www.{自分の契約しているドメイン} --webroot-path {公開したいドキュメントのルートここでは/var/www} --renew-by-default && nginx -s reload

file6.txt

$  sudo nginx -t

file7.txt

$ sudo nginx -s reload

file9.txt

$ openssl dhparam -out dhparam.pem 2048
$ openssl dhparam -text -in dhparam.pem  -noout

nginx.conf

~省略~
server {
        listen       443 ssl http2;
        server_name  www.{自分の契約しているドメイン};
        add_header Strict-Transport-Security "max-age=15768000; includeSubdomains";

        ssl_certificate      /etc/letsencrypt/live/www.{自分の契約しているドメイン}/fullchain.pem;
        ssl_certificate_key  /etc/letsencrypt/live/www.{自分の契約しているドメイン}/privkey.pem;
        ssl_dhparam          dhparam.pem;
        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        ssl_ciphers  ECDHE+AESGCM:DHE+AESGCM:HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;
        location / {
            root   /var/www;
            index  index.html;
        }
    }
~省略~