musale/letsencrypt.sh

## letsencrypt.sh
# clone the repo for letsencrypt from github
git clone https://github.com/letsencrypt/letsencrypt

# stop nginx
systemctl stop nginx

# get the cert
./letsencrypt-auto certonly --standalone --email your@email.co --agree-tos -d www.yoursite.com

# renewing your cert
./letsencrypt-auto certonly --standalone --email your@email.co -d www.yoursite.com

# update your nginx file for your file

# start nginx
systemctl start nginx

## yoursite.conf
server {
    listen 443 ssl;
    client_max_body_size 40M;
    server_name yoursite.com www.yoursite.com;
    server_tokens off;

    ssl on;
    ssl_certificate /etc/letsencrypt/live/new.yoursite.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/new.yoursite.com/privkey.pem;
    ssl_stapling on;
    ssl_stapling_verify on;
    add_header Strict-Transport-Security max-age=31536000;

    location = /favicon.ico  {
        rewrite "/favicon.ico" /static/img/favicon.ico;
        access_log off; log_not_found off;
    }

    location /static/ {
        root /your/app/folder;
    }

    location /media/ {
        root /your/app/folder;
    }

    location / {
        proxy_connect_timeout 600;
        proxy_read_timeout 600;
        proxy_send_timeout 600;
        send_timeout 600;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://unix:/your/app/folder/yourapp.sock;
    }
}

server {
    listen 80;
    listen [::]:80;
    server_name yoursite.com www.yoursite.com;
    # permanent redirect
    return 301 https://$host$request_uri;
}
	# clone the repo for letsencrypt from github
	git clone https://github.com/letsencrypt/letsencrypt

	# stop nginx
	systemctl stop nginx

	# get the cert
	./letsencrypt-auto certonly --standalone --email your@email.co --agree-tos -d www.yoursite.com

	# renewing your cert
	./letsencrypt-auto certonly --standalone --email your@email.co -d www.yoursite.com

	# update your nginx file for your file

	# start nginx
	systemctl start nginx
	server {
	listen 443 ssl;
	client_max_body_size 40M;
	server_name yoursite.com www.yoursite.com;
	server_tokens off;

	ssl on;
	ssl_certificate /etc/letsencrypt/live/new.yoursite.com/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/new.yoursite.com/privkey.pem;
	ssl_stapling on;
	ssl_stapling_verify on;
	add_header Strict-Transport-Security max-age=31536000;

	location = /favicon.ico {
	rewrite "/favicon.ico" /static/img/favicon.ico;
	access_log off; log_not_found off;
	}

	location /static/ {
	root /your/app/folder;
	}

	location /media/ {
	root /your/app/folder;
	}

	location / {
	proxy_connect_timeout 600;
	proxy_read_timeout 600;
	proxy_send_timeout 600;
	send_timeout 600;
	proxy_set_header Host $http_host;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X-Forwarded-Proto $scheme;
	proxy_pass http://unix:/your/app/folder/yourapp.sock;
	}
	}

	server {
	listen 80;
	listen [::]:80;
	server_name yoursite.com www.yoursite.com;
	# permanent redirect
	return 301 https://$host$request_uri;
	}