- Go to your server and log in as the root user
- Make sure you have the git and bc tools. Ubuntu command:
sudo apt-get -y install git bc
- Clone repo:
git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
- Stop nginx:
service nginx stop
- Make sure nginx has stopped:
netstat -na | grep ':80.*LISTEN'
- Run the Let's Encrypt script:
cd /opt/letsencrypt && ./letsencrypt-auto certonly --standalone
- Put your email address in the next window
- Enter domain names and subdomains
- Start nginx (optional)
- Open your nginx configuration file:
/etc/nginx/sites-available/your_site
and replace the directive
listen 80;
with
listen 443 ssl;
Also add certificates:
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
You might want to restrict the server to the most secure SSL protocols and ciphers:
# TLSv1 and TLSv1.1 are deprecated (RFC 8996), so only TLSv1.2 is enabled
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
- Add a new section to redirect users to https:
server {
    listen 80;
    server_name example.com;
    return 301 https://$host$request_uri;
}
- Start or restart nginx
service nginx restart
- Auto renewal. The certificate is valid for only 90 days. Run:
crontab -e
and add:
0 5 * * 1 cd /opt/letsencrypt && ./letsencrypt-auto renew
This tries to renew the certificates every week at 5am UTC.
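
The weekly job runs renew while nginx is still bound to port 80, the condition the earlier steps avoid by stopping nginx before running in standalone mode. The wrapper below is an added example, not part of the original steps: it stops nginx, renews, and always starts nginx again. The function name, the LE_DIR, SVC and LOG variables, the log path and the script's install path are assumptions.

```shell
#!/bin/sh
# Added example: weekly renewal wrapper for the standalone setup above.
# The clone path and the service commands are the ones used on this page;
# renew_certs, LE_DIR, SVC, LOG and the log path are assumptions.

LE_DIR="${LE_DIR:-/opt/letsencrypt}"          # clone location from the page
SVC="${SVC:-service}"                          # overridable for dry runs
LOG="${LOG:-/var/log/letsencrypt-renew.log}"   # hypothetical log file

renew_certs() {
    # Standalone mode binds port 80 itself, so nginx must be down first.
    if ! "$SVC" nginx stop >>"$LOG" 2>&1; then
        echo "$(date -u +%FT%TZ) could not stop nginx, skipping" >>"$LOG"
        return 2
    fi

    rc=0
    (cd "$LE_DIR" && ./letsencrypt-auto renew) >>"$LOG" 2>&1 || rc=$?

    # Always bring nginx back, even when renewal failed; starting it
    # again also makes it load any renewed certificate files.
    if ! "$SVC" nginx start >>"$LOG" 2>&1; then
        echo "$(date -u +%FT%TZ) nginx failed to start" >>"$LOG"
        return 3
    fi

    [ "$rc" -eq 0 ] || echo "$(date -u +%FT%TZ) renew exited $rc" >>"$LOG"
    return "$rc"
}

# Run only when asked, e.g. from cron (hypothetical install path):
#   0 5 * * 1 /usr/local/sbin/renew-certs.sh --run
if [ "${1:-}" = "--run" ]; then
    renew_certs
fi
```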