michaelmano/cloudflare.ssl

## cloudflare.ssl
# Clone the files
git clone git@github.com:Neilpang/acme.sh.git /home/ubuntu/.acme.sh

# Edit https://github.com/Neilpang/acme.sh/blob/master/dnsapi/dns_cf.sh#L4 and https://github.com/Neilpang/acme.sh/blob/master/dnsapi/dns_cf.sh#L6 and add your cloudflare API Key and email
nano /home/ubuntu/.acme.sh/dnsapi/dns_cf.sh

# Run
./acme.sh --issue -d example.com -d '*.example.com' --dns dns_cf

# Now create the cronjob to renew it

sudo crontab -e
# add the following
0 0 * * * "/home/ubuntu/.acme.sh"/acme.sh --cron --home "/home/ubuntu/.acme.sh" > /dev/null

# Create the folder and run the install command
sudo mkdir /etc/nginx/certs/example.com/ && \
sudo /home/ubuntu/.acme.sh/acme.sh --install-cert -d example.com \
--cert-file /etc/nginx/certs/example.com/cert.pem \
--key-file /etc/nginx/certs/example.com/key.pem \
--fullchain-file /etc/nginx/certs/example.com/fullchain.pem \
--reloadcmd "sudo service nginx restart"

# Edit your /etc/nginx/sites-available/exmaple.com.conf


server {
       listen         80;
       listen    [::]:80;
       server_name sub.example.com;
       return         301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    root /var/www/bcm-status;

    index index.php index.html;

    server_name sub.example.com;

    ssl_certificate      /etc/nginx/certs/example.com/fullchain.pem;
    ssl_certificate_key  /etc/nginx/certs/example.com/key.pem;

    # Improve HTTPS performance with session resumption
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 5m;

    # Enable server-side protection against BEAST attacks
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;

    # Disable SSLv3
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    add_header 'Access-Control-Allow-Origin' '*';
    add_header 'Access-Control-Allow-Headers' 'origin, content-type, accept';

    allow 220.101.23.227;
    deny all;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location ~* (index)\.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.1-fpm.sock;
    }

    location ~ /\.ht {
        deny all;
    }
}

## manual-dns.ssl
git clone git@github.com:Neilpang/acme.sh.git /home/ubuntu/.acme.sh

cd /home/ubuntu/.acme.sh

./acme.sh --issue -d example.com -d 'st.example.com' -d '*.st.example.com' --dns --yes-I-know-dns-manual-mode-enough-go-ahead-please
./acme.sh --renew -d example.com -d 'st.example.com' -d '*.st.example.com' --dns --yes-I-know-dns-manual-mode-enough-go-ahead-please

# Create the folder and run the install command
sudo mkdir /etc/nginx/certs/ && \
sudo mkdir /etc/nginx/certs/example.com/ && \
sudo /home/ubuntu/.acme.sh/acme.sh --install-cert -d example.com \
--cert-file /etc/nginx/certs/example.com/cert.pem \
--key-file /etc/nginx/certs/example.com/key.pem \
--fullchain-file /etc/nginx/certs/example.com/fullchain.pem \
--reloadcmd "sudo service nginx restart"


# Edit your /etc/nginx/sites-available/exmaple.com.conf


server {
       listen         80;
       listen    [::]:80;
       server_name sub.example.com;
       return         301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    root /var/www/bcm-status;

    index index.php index.html;

    server_name sub.example.com;

    ssl_certificate      /etc/nginx/certs/example.com/fullchain.pem;
    ssl_certificate_key  /etc/nginx/certs/example.com/key.pem;

    # Improve HTTPS performance with session resumption
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 5m;

    # Enable server-side protection against BEAST attacks
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;

    # Disable SSLv3
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    add_header 'Access-Control-Allow-Origin' '*';
    add_header 'Access-Control-Allow-Headers' 'origin, content-type, accept';

    allow 220.101.23.227;
    deny all;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location ~* (index)\.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.1-fpm.sock;
    }

    location ~ /\.ht {
        deny all;
    }
}
	# Clone the files
	git clone git@github.com:Neilpang/acme.sh.git /home/ubuntu/.acme.sh

	# Edit https://github.com/Neilpang/acme.sh/blob/master/dnsapi/dns_cf.sh#L4 and https://github.com/Neilpang/acme.sh/blob/master/dnsapi/dns_cf.sh#L6 and add your cloudflare API Key and email
	nano /home/ubuntu/.acme.sh/dnsapi/dns_cf.sh

	# Run
	./acme.sh --issue -d example.com -d '*.example.com' --dns dns_cf

	# Now create the cronjob to renew it

	sudo crontab -e
	# add the following
	0 0 * * * "/home/ubuntu/.acme.sh"/acme.sh --cron --home "/home/ubuntu/.acme.sh" > /dev/null

	# Create the folder and run the install command
	sudo mkdir /etc/nginx/certs/example.com/ && \
	sudo /home/ubuntu/.acme.sh/acme.sh --install-cert -d example.com \
	--cert-file /etc/nginx/certs/example.com/cert.pem \
	--key-file /etc/nginx/certs/example.com/key.pem \
	--fullchain-file /etc/nginx/certs/example.com/fullchain.pem \
	--reloadcmd "sudo service nginx restart"

	# Edit your /etc/nginx/sites-available/exmaple.com.conf


	server {
	listen 80;
	listen [::]:80;
	server_name sub.example.com;
	return 301 https://$server_name$request_uri;
	}

	server {
	listen 443 ssl http2;
	listen [::]:443 ssl http2;

	root /var/www/bcm-status;

	index index.php index.html;

	server_name sub.example.com;

	ssl_certificate /etc/nginx/certs/example.com/fullchain.pem;
	ssl_certificate_key /etc/nginx/certs/example.com/key.pem;

	# Improve HTTPS performance with session resumption
	ssl_session_cache shared:SSL:10m;
	ssl_session_timeout 5m;

	# Enable server-side protection against BEAST attacks
	ssl_prefer_server_ciphers on;
	ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;

	# Disable SSLv3
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

	add_header 'Access-Control-Allow-Origin' '*';
	add_header 'Access-Control-Allow-Headers' 'origin, content-type, accept';

	allow 220.101.23.227;
	deny all;

	location / {
	try_files $uri $uri/ /index.php?$query_string;
	}

	location ~* (index)\.php$ {
	include snippets/fastcgi-php.conf;
	fastcgi_pass unix:/run/php/php7.1-fpm.sock;
	}

	location ~ /\.ht {
	deny all;
	}
	}
	git clone git@github.com:Neilpang/acme.sh.git /home/ubuntu/.acme.sh

	cd /home/ubuntu/.acme.sh

	./acme.sh --issue -d example.com -d 'st.example.com' -d '*.st.example.com' --dns --yes-I-know-dns-manual-mode-enough-go-ahead-please
	./acme.sh --renew -d example.com -d 'st.example.com' -d '*.st.example.com' --dns --yes-I-know-dns-manual-mode-enough-go-ahead-please

	# Create the folder and run the install command
	sudo mkdir /etc/nginx/certs/ && \
	sudo mkdir /etc/nginx/certs/example.com/ && \
	sudo /home/ubuntu/.acme.sh/acme.sh --install-cert -d example.com \
	--cert-file /etc/nginx/certs/example.com/cert.pem \
	--key-file /etc/nginx/certs/example.com/key.pem \
	--fullchain-file /etc/nginx/certs/example.com/fullchain.pem \
	--reloadcmd "sudo service nginx restart"



	# Edit your /etc/nginx/sites-available/exmaple.com.conf


	server {
	listen 80;
	listen [::]:80;
	server_name sub.example.com;
	return 301 https://$server_name$request_uri;
	}

	server {
	listen 443 ssl http2;
	listen [::]:443 ssl http2;

	root /var/www/bcm-status;

	index index.php index.html;

	server_name sub.example.com;

	ssl_certificate /etc/nginx/certs/example.com/fullchain.pem;
	ssl_certificate_key /etc/nginx/certs/example.com/key.pem;

	# Improve HTTPS performance with session resumption
	ssl_session_cache shared:SSL:10m;
	ssl_session_timeout 5m;

	# Enable server-side protection against BEAST attacks
	ssl_prefer_server_ciphers on;
	ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;

	# Disable SSLv3
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

	add_header 'Access-Control-Allow-Origin' '*';
	add_header 'Access-Control-Allow-Headers' 'origin, content-type, accept';

	allow 220.101.23.227;
	deny all;

	location / {
	try_files $uri $uri/ /index.php?$query_string;
	}

	location ~* (index)\.php$ {
	include snippets/fastcgi-php.conf;
	fastcgi_pass unix:/run/php/php7.1-fpm.sock;
	}

	location ~ /\.ht {
	deny all;
	}
	}