@waaaaargh
Last active September 26, 2016 21:00

Install Letsencrypt

# apt-get install git dialog
# git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt

Create the webroot folder that will serve .well-known

mkdir /var/www/letsencrypt
chown -R www-data:www-data /var/www/letsencrypt

Add this to your vhost

location /.well-known {
    root /var/www/letsencrypt;
}

Run certbot

cd /opt/letsencrypt
./letsencrypt-auto certonly -a webroot --webroot-path=/var/www/letsencrypt -d example.com

Replace example.com with your domain.

Configure NGINX to use your certs

# "ssl on;" is deprecated since nginx 1.15.0; newer versions use "listen 443 ssl;" instead.
ssl on;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
# TLSv1 and TLSv1.1 were deprecated by RFC 8996; keep them only for clients that need them.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !MEDIUM";

These SSL settings currently yield 'A' in https://www.ssllabs.com/ssltest/
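
A small audit of the TLS directives above, as an added example that is not part of the original gist. The helper names `sample_conf` and `audit_tls_conf` and the finding labels are hypothetical; the script flags protocol versions retired by RFC 8996, RC4 tokens listed in `ssl_ciphers`, `cert.pem` used in place of `fullchain.pem`, and the deprecated `ssl on;` directive.

```shell
#!/bin/sh
# Added example, not part of the original gist. Helper names are hypothetical.

# Sample input: the TLS directives as they appear in the gist above.
sample_conf() {
cat <<'EOF'
ssl on;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !MEDIUM";
EOF
}

# Print one finding per line for an nginx config given as file(s) or on stdin.
audit_tls_conf() {
    # Drop comments so commented-out directives are ignored.
    body=$(cat "$@" | sed 's/#.*//')

    # Protocol versions retired by RFC 8996 (TLS 1.0/1.1) or earlier (SSLv2/3).
    protos=$(printf '%s\n' "$body" |
        sed -n 's/^[[:space:]]*ssl_protocols[[:space:]]*\(.*\);.*/\1/p')
    for p in $protos; do
        case $p in
            SSLv2|SSLv3|TLSv1|TLSv1.1) echo "weak-protocol:$p" ;;
        esac
    done

    # RC4 tokens listed in ssl_ciphers; tokens starting with ! or - are exclusions.
    ciphers=$(printf '%s\n' "$body" |
        sed -n 's/^[[:space:]]*ssl_ciphers[[:space:]]*\(.*\);.*/\1/p' | tr '":' '  ')
    for c in $ciphers; do
        case $c in
            '!'*|-*) ;;
            *RC4*) echo "rc4-cipher:$c" ;;
        esac
    done
    # cert.pem lacks the intermediate certificate; fullchain.pem includes it.
    if printf '%s\n' "$body" | grep -Eq '^[[:space:]]*ssl_certificate[[:space:]].*/cert\.pem;'; then
        echo "missing-chain:cert.pem"
    fi
    # "ssl on;" is deprecated since nginx 1.15.0 in favour of "listen ... ssl;".
    if printf '%s\n' "$body" | grep -Eq '^[[:space:]]*ssl[[:space:]]+on;'; then
        echo "deprecated:ssl on"
    fi
}

sample_conf | audit_tls_conf
```

An RC4 finding means the token is listed in the cipher string; a later exclusion such as `!MEDIUM` may still remove it on a given OpenSSL build, so treat it as an item to review.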
