@ziyunli
Created May 5, 2016 02:41
let's encrypt
# /etc/nginx/sites-available/default
# Plain-HTTP listener for the bare domain: every request is answered with a
# permanent redirect to the same URI on the HTTPS site.
# NOTE(review): this also redirects /.well-known/acme-challenge/ requests, so a
# webroot-based renewal only succeeds if the HTTPS server serves that path - confirm.
server {
    listen      80;
    server_name <domain name>;

    return 301 https://<domain name>$request_uri;
}
# Plain-HTTP listener for the www host: redirects permanently to the canonical
# (bare-domain) HTTPS site, keeping the requested URI.
server {
    listen      80;
    server_name www.<domain name>;

    return 301 https://<domain name>$request_uri;
}
# HTTPS server
#
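# HTTPS listener for the www host. It terminates TLS with the www certificate
# and then redirects permanently to the canonical bare-domain HTTPS site.
server {
    listen      443 ssl;
    server_name www.<domain name>;
    # root html;
    index index.html index.htm;
    # ssl on;

    # Certificate chain and private key issued by Let's Encrypt for the www name.
    ssl_certificate     /etc/letsencrypt/live/www.<domain name>/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.<domain name>/privkey.pem;
    ssl_session_timeout 5m;

    # SSLv3 is broken (POODLE) and TLSv1 / TLSv1.1 are deprecated (RFC 8996),
    # so only TLSv1.2 is offered. Add TLSv1.3 where the installed nginx and
    # OpenSSL builds support it.
    ssl_protocols TLSv1.2;
    # One cipher list only: the original value contained two alternatives
    # joined by a literal "or", which is not a cipher keyword. The stricter
    # alternative (3DES excluded) is kept.
    ssl_ciphers "HIGH:!aNULL:!MD5:!3DES";
    ssl_prefer_server_ciphers on;

    return 301 https://<domain name>$request_uri;
}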
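# Canonical HTTPS site for the bare domain; also the default server for port 443,
# so TLS requests whose Host matches no other server_name land here.
server {
    listen      443 ssl default_server;
    server_name <domain name>;
    # root html;
    index index.html index.htm;
    # ssl on;

    # Certificate chain and private key issued by Let's Encrypt for the bare domain.
    ssl_certificate     /etc/letsencrypt/live/<domain name>/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/<domain name>/privkey.pem;
    ssl_session_timeout 5m;

    # SSLv3 is broken (POODLE) and TLSv1 / TLSv1.1 are deprecated (RFC 8996),
    # so only TLSv1.2 is offered. Add TLSv1.3 where the installed nginx and
    # OpenSSL builds support it.
    ssl_protocols TLSv1.2;
    # One cipher list only: the original value contained two alternatives
    # joined by a literal "or", which is not a cipher keyword. The stricter
    # alternative (3DES excluded) is kept.
    ssl_ciphers "HIGH:!aNULL:!MD5:!3DES";
    ssl_prefer_server_ciphers on;

    # Serve the file or directory named by the URI, otherwise answer 404.
    # NOTE(review): no root is set in this server, so files come from nginx's
    # default root - confirm that is intended.
    location / {
        try_files $uri $uri/ =404;
    }
}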
# /etc/nginx/sites-available/default
# Issuance-time HTTP server for the bare domain: exposes only the ACME
# challenge directory that the webroot authenticator writes into.
server {
    listen      80 default_server;
    server_name <domain name>;

    # Challenge files are looked up under
    # /usr/share/nginx/html/letsencrypt/.well-known/acme-challenge/.
    location /.well-known/acme-challenge {
        root /usr/share/nginx/html/letsencrypt;
    }
}
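# Issuance-time HTTP server for the www host: exposes only the ACME challenge
# directory that the webroot authenticator writes into.
server {
    # No default_server here: the bare-domain server in this file already
    # claims it for port 80, and nginx refuses to load a configuration that
    # declares two default servers for the same address:port.
    listen      80;
    server_name www.<domain name>;

    # Challenge files are looked up under
    # /usr/share/nginx/html/letsencrypt/.well-known/acme-challenge/.
    location /.well-known/acme-challenge {
        root /usr/share/nginx/html/letsencrypt;
    }
}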
# /etc/letsencrypt/configs/<domain name>.conf
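# Name(s) the certificate is requested for
domains = <domain name>
# increase key size
rsa-key-size = 4096
# ACME v2 production directory. The ACME v1 endpoint this file originally named
# (acme-v01.api.letsencrypt.org) has been shut down by Let's Encrypt, so
# requests against it fail; a client that speaks ACME v2 is required.
server = https://acme-v02.api.letsencrypt.org/directory
# this address will receive renewal reminders
email = <email>
# turn off the ncurses UI, we want this to be run as a cronjob
text = True
# authenticate by placing a file in the webroot (under .well-known/acme-challenge/)
# and then letting LE fetch it; the path must match the root that nginx serves
# for /.well-known/acme-challenge
authenticator = webroot
webroot-path = /usr/share/nginx/html/letsencrypt/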