Skip to content

Instantly share code, notes, and snippets.

@michaelmano
Last active June 15, 2018 06:26
Show Gist options
  • Save michaelmano/a5b394fdcac5ed5cb418476a1990a32c to your computer and use it in GitHub Desktop.
Save michaelmano/a5b394fdcac5ed5cb418476a1990a32c to your computer and use it in GitHub Desktop.
acme.sh
# Clone the files
git clone git@github.com:Neilpang/acme.sh.git /home/ubuntu/.acme.sh
# Edit https://github.com/Neilpang/acme.sh/blob/master/dnsapi/dns_cf.sh#L4 and https://github.com/Neilpang/acme.sh/blob/master/dnsapi/dns_cf.sh#L6 and add your cloudflare API Key and email
nano /home/ubuntu/.acme.sh/dnsapi/dns_cf.sh
# Run
./acme.sh --issue -d example.com -d '*.example.com' --dns dns_cf
# Now create the cronjob to renew it
sudo crontab -e
# add the following
0 0 * * * "/home/ubuntu/.acme.sh"/acme.sh --cron --home "/home/ubuntu/.acme.sh" > /dev/null
# Create the folder and run the install command
sudo mkdir /etc/nginx/certs/example.com/ && \
sudo /home/ubuntu/.acme.sh/acme.sh --install-cert -d example.com \
--cert-file /etc/nginx/certs/example.com/cert.pem \
--key-file /etc/nginx/certs/example.com/key.pem \
--fullchain-file /etc/nginx/certs/example.com/fullchain.pem \
--reloadcmd "sudo service nginx restart"
# Edit your /etc/nginx/sites-available/exmaple.com.conf
server {
listen 80;
listen [::]:80;
server_name sub.example.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
root /var/www/bcm-status;
index index.php index.html;
server_name sub.example.com;
ssl_certificate /etc/nginx/certs/example.com/fullchain.pem;
ssl_certificate_key /etc/nginx/certs/example.com/key.pem;
# Improve HTTPS performance with session resumption
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
# Enable server-side protection against BEAST attacks
ssl_prefer_server_ciphers on;
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
# Disable SSLv3
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Headers' 'origin, content-type, accept';
allow 220.101.23.227;
deny all;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~* (index)\.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.1-fpm.sock;
}
location ~ /\.ht {
deny all;
}
}
git clone git@github.com:Neilpang/acme.sh.git /home/ubuntu/.acme.sh
cd /home/ubuntu/.acme.sh
./acme.sh --issue -d example.com -d 'st.example.com' -d '*.st.example.com' --dns --yes-I-know-dns-manual-mode-enough-go-ahead-please
./acme.sh --renew -d example.com -d 'st.example.com' -d '*.st.example.com' --dns --yes-I-know-dns-manual-mode-enough-go-ahead-please
# Create the folder and run the install command
sudo mkdir /etc/nginx/certs/ && \
sudo mkdir /etc/nginx/certs/example.com/ && \
sudo /home/ubuntu/.acme.sh/acme.sh --install-cert -d example.com \
--cert-file /etc/nginx/certs/example.com/cert.pem \
--key-file /etc/nginx/certs/example.com/key.pem \
--fullchain-file /etc/nginx/certs/example.com/fullchain.pem \
--reloadcmd "sudo service nginx restart"
# Edit your /etc/nginx/sites-available/exmaple.com.conf
server {
listen 80;
listen [::]:80;
server_name sub.example.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
root /var/www/bcm-status;
index index.php index.html;
server_name sub.example.com;
ssl_certificate /etc/nginx/certs/example.com/fullchain.pem;
ssl_certificate_key /etc/nginx/certs/example.com/key.pem;
# Improve HTTPS performance with session resumption
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
# Enable server-side protection against BEAST attacks
ssl_prefer_server_ciphers on;
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
# Disable SSLv3
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Headers' 'origin, content-type, accept';
allow 220.101.23.227;
deny all;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~* (index)\.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.1-fpm.sock;
}
location ~ /\.ht {
deny all;
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment