This repository has been archived by the owner on Aug 19, 2022. It is now read-only.
SSL Certificates
Arkadiusz Żmudzin edited this page Mar 10, 2020 · 2 revisions
- Install pip
    sudo apt-get install python-pip
- Install setuptools
    pip install setuptools
- Make sure you have set up locale correctly
    sudo locale-gen en_US en_US.UTF-8
    export LC_ALL="en_US.UTF-8"
    export LC_CTYPE="en_US.UTF-8"
- Install Certbot
  Download the certbot-auto Let's Encrypt client and save it under the /usr/sbin directory. Use the following commands to do this. (certbot-auto has since been deprecated by the Certbot project.)
    sudo wget https://dl.eff.org/certbot-auto -O /usr/sbin/certbot-auto
    sudo chmod a+x /usr/sbin/certbot-auto
    sudo certbot-auto certonly --nginx -d api.oneleif.com
    sudo certbot-auto certonly --nginx -d dev.api.oneleif.com
Output:
➜ ~ sudo certbot-auto certonly --nginx -d api.oneleif.com -d dev.api.oneleif.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Obtaining a new certificate
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/api.oneleif.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/api.oneleif.com/privkey.pem
Your cert will expire on 2020-06-07. To obtain a new or tweaked
version of this certificate in the future, simply run certbot-auto
again. To non-interactively renew *all* of your certificates, run
"certbot-auto renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
If everything goes well, a new SSL certificate is issued at the location below. Navigate to that directory to view the files.
root:/home/ubuntu# cd /etc/letsencrypt/live/api.oneleif.com/
root:/etc/letsencrypt/live/api.oneleif.com# ls
cert.pem chain.pem fullchain.pem privkey.pem README
Nginx:
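ssl on;  # obsolete since nginx 1.15.0; newer versions use the ssl parameter of listen, as in the full example below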
ssl_certificate /etc/letsencrypt/live/api.oneleif.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/api.oneleif.com/privkey.pem;
Here is a full example of an Nginx virtual host with redirection from HTTP to HTTPS:
server {
    server_name dev.api.oneleif.com;
    listen 80;
    listen [::]:80;
    # Redirect with $request_uri (the raw request URI) rather than $uri:
    # $uri is URL-decoded, so an encoded CR/LF in the path would reach the Location header.
    return 301 https://$server_name$request_uri;
}
server {
    server_name dev.api.oneleif.com;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    ssl_certificate /etc/letsencrypt/live/dev.api.oneleif.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/dev.api.oneleif.com/privkey.pem;
    location / {
        # Forward requests to the local backend and pass client details along
        proxy_pass http://127.0.0.1:8081;
        proxy_pass_header Server;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_connect_timeout 3s;
        proxy_read_timeout 10s;
    }
}
Finally, add the following job to the server's crontab to renew the SSL certificate automatically when required.
0 2 * * * sudo /usr/sbin/certbot-auto -q renew
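
To confirm that the renewal job above keeps a usable certificate in place, the following checks can be run against a lineage directory such as /etc/letsencrypt/live/api.oneleif.com. This is an added example, not part of the original wiki page; the function names and the 14-day default threshold are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. Function names and the
# 14-day default threshold are assumptions made for illustration.

# Succeeds if the certificate in $1 is still valid $2 days from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Succeeds if private key $2 carries the same public key as certificate $1.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds if the key file (symlinks followed) grants nothing to group or others.
key_private() {
    perms=$(ls -ldL "$1" 2>/dev/null | cut -c5-10)
    [ "$perms" = "------" ]
}

# Runs all three checks on a lineage directory; returns the number of failures.
check_lineage() {
    dir=$1; min_days=${2:-14}; failures=0
    cert_valid_for "$dir/fullchain.pem" "$min_days" || {
        echo "WARN: $dir/fullchain.pem is unreadable or expires within $min_days days"
        failures=$((failures + 1)); }
    key_matches_cert "$dir/fullchain.pem" "$dir/privkey.pem" || {
        echo "WARN: $dir/privkey.pem does not match fullchain.pem"
        failures=$((failures + 1)); }
    key_private "$dir/privkey.pem" || {
        echo "WARN: $dir/privkey.pem is accessible to group or others"
        failures=$((failures + 1)); }
    return "$failures"
}

# Usage, e.g. from root's crontab some hours after the renew job:
#   check_lineage /etc/letsencrypt/live/api.oneleif.com 14
```

A non-zero return from check_lineage means at least one check failed; the WARN lines say which.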