$cd ~/; openssl dhparam -out dhparams.pem 2048; sudo mv dhparams.pem /etc/ssl/
cd /opt; sudo wget https://dl.eff.org/certbot-auto; sudo chmod a+x certbot-auto
sudo mkdir -p /var/www/<domain name>/ # e.g. /var/www/toanant.in/
location '/.well-known/acme-challenge' {
root /var/www/<domain name>/; # /var/www/toanant.in/
try_files $uri /$1;
}
sudo ./certbot-auto certonly --webroot -w /var/www/<domain name>/
ssl_certificate /etc/letsencrypt/live/<domain name>/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/<domain name>/privkey.pem;
# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
ssl_dhparam /etc/ssl/dhparams.pem;
1 0 * * * /opt/certbot-auto renew --quiet --no-self-upgrade
30 0 * * * /etc/init.d/nginx reload