@toanant
Last active January 27, 2017 14:22

cd ~/; openssl dhparam -out dhparams.pem 2048; sudo mv dhparams.pem /etc/ssl/

cd /opt; sudo wget https://dl.eff.org/certbot-auto; sudo chmod a+x certbot-auto

sudo mkdir -p /var/www/<domain name>/ # e.g. /var/www/toanant.in/

Add this to the current nginx server block:

location '/.well-known/acme-challenge' {
    root /var/www/<domain name>/; # /var/www/toanant.in/
    try_files $uri =404; # $1 is not set in a prefix location; answer 404 for unknown tokens
}

Run the command below and enter the details it asks for:

sudo ./certbot-auto certonly --webroot -w /var/www/<domain name>/

Add a server block for port 443 with the values below:

ssl_certificate /etc/letsencrypt/live/<domain name>/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/<domain name>/privkey.pem;

# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
ssl_dhparam /etc/ssl/dhparams.pem;

Add cron jobs as root to renew the certificate and reload nginx (sudo crontab -e):

1 0 * * * /opt/certbot-auto renew --quiet --no-self-upgrade

30 0 * * * /etc/init.d/nginx reload
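
The second cron job above reloads nginx whether or not the renewal produced a usable certificate. As an added example (not part of the original gist), the script below is one way to reload only after confirming that fullchain.pem matches privkey.pem, is not about to expire, and that the nginx configuration parses. The function names, exit codes and the 20-day threshold are assumptions.

```shell
#!/bin/sh
# Added example, not from the original gist. Function names, exit codes and
# the 20-day default are assumptions chosen for illustration.

# check_cert CERT KEY [MIN_DAYS]
# Returns 0 = usable, 1 = expires within MIN_DAYS,
#         2 = certificate and key do not match, 3 = file missing or unparsable.
check_cert() {
    cert=$1
    key=$2
    min_days=${3:-20}
    [ -r "$cert" ] && [ -r "$key" ] || return 3
    # Public key embedded in the first certificate of the file (the leaf).
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 3
    # Public key derived from the private key.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 3
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] || return 2
    # -checkend exits non-zero if the certificate expires within N seconds.
    openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null || return 1
    return 0
}

# reload_if_ok DOMAIN
# Reloads nginx only when the certificate checks and the config test pass.
reload_if_ok() {
    live=/etc/letsencrypt/live/$1
    check_cert "$live/fullchain.pem" "$live/privkey.pem" || {
        rc=$?
        echo "certificate check failed for $1 (code $rc); nginx not reloaded" >&2
        return "$rc"
    }
    nginx -t -q && /etc/init.d/nginx reload
}

# Run only when a domain is given, e.g. from root's crontab.
if [ "$#" -gt 0 ]; then
    reload_if_ok "$1"
fi
```

Saved under a name of your choosing and called with the domain as its argument, it can take the place of the bare `/etc/init.d/nginx reload` in the second cron line; a non-zero exit leaves the running nginx untouched.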
