(This image is from Flickr. Author: Yuri Samoilov. Image: System Lock)
I changed my server's default connection to SSL using Let's Encrypt.
Here is a step-by-step tutorial on how to change a server to use SSL, for when I forget my settings.
- Open ports 80 and 443 so that the Let's Encrypt server can connect.
To verify that you are the website owner, Let's Encrypt connects to the IP address obtained by looking up your domain in DNS.
- Web services such as Apache and nginx have to be stopped.

```
sudo service nginx stop
```
- To add certs, simply run the commands below.

```
git clone https://github.com/certbot/certbot
cd certbot
./certbot-auto
```

You should choose 'NO' here.
- Retrieve the certificate from Let's Encrypt, specifying each (sub)domain.

```
./certbot-auto certonly --standalone -d example.jp -d www.example.jp
```
- Change the config to use SSL and rewrite your HTTP to HTTPS.
- Below is the nginx rewrite rule for the original HTTP connections, so that links already spread across the internet do not cause access errors.

```
server {
    listen 80;
    server_name www.example.com;

    # Redirect every HTTP request, keeping path and query string, to HTTPS.
    rewrite ^ https://www.example.com$request_uri? permanent;
}
```
- Below is the configuration for SSL/TLS.

```
server {
    listen 443 ssl;  # TLS is enabled with the ssl parameter of listen
    server_name www.sample.com;

    ssl_certificate /etc/letsencrypt/live/www.sample.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.sample.com/privkey.pem;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996), so only TLSv1.2 and TLSv1.3 are enabled
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

    location / {
        proxy_cache my_zone;
        root /var/www/wordpress;
        index index.php;
        if (!-e $request_filename) {
            rewrite ^/(.+)$ /index.php?q=$1 last;
            break;
        }
    }

    location ~ \.php$ {
        proxy_cache my_zone;
        # root html;
        fastcgi_pass 127.0.0.1:8080;
        fastcgi_index index.php;
        # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
        fastcgi_param SCRIPT_FILENAME /var/www/wordpress$fastcgi_script_name;  # WordPress path
        include fastcgi_params;
    }
}
```
After the above configuration, you have to renew the cert at least once every three months.

```
sudo service nginx stop
./certbot-auto renew
sudo service nginx start
```

That's it.
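
An added example, not part of the original post: a small Python check that scans nginx configuration text for TLS problems relevant to the settings in this tutorial (deprecated protocol versions, the obsolete `ssl on;` directive, a `listen 443` without `ssl`, a certificate path other than `fullchain.pem`, and an HTTP redirect that only covers `/`). The sample configuration, the rule names and the `audit` function are constructed for illustration, and the parser is a naive split that ignores quoting.

```python
import re

# Constructed sample in the style of an older nginx setup (not a real host).
SAMPLE = """
server { listen 80; server_name www.example.com;
         rewrite ^/$ https://www.example.com permanent; }
server { listen 443; server_name www.example.com;
         ssl on;
         ssl_certificate /etc/letsencrypt/live/www.example.com/cert.pem;
         ssl_certificate_key /etc/letsencrypt/live/www.example.com/privkey.pem;
         ssl_protocols TLSv1 TLSv1.1 TLSv1.2; }
"""

DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # TLS 1.0/1.1: RFC 8996


def directives(conf):
    """Yield (name, args) per directive; a naive split that ignores quoting."""
    conf = re.sub(r"(?m)(^|\s)#.*$", "", conf)  # drop comments
    for stmt in re.split(r"[;{}]", conf):
        words = stmt.split()
        if words:
            yield words[0], words[1:]


def audit(conf):
    """Return a list of (rule id, message) findings for TLS-related directives."""
    findings = []
    for name, args in directives(conf):
        if name == "ssl_protocols":
            old = sorted(DEPRECATED & set(args))
            if old:
                findings.append(("weak-protocol", "deprecated: " + " ".join(old)))
        elif name == "ssl" and args == ["on"]:
            findings.append(("ssl-on", "use 'listen 443 ssl;' instead of 'ssl on;'"))
        elif name == "listen" and args and args[0].endswith("443") and "ssl" not in args:
            findings.append(("listen-no-ssl", "listen 443 lacks the ssl parameter"))
        elif name == "ssl_certificate" and args and not args[0].endswith("fullchain.pem"):
            findings.append(("no-chain", "serve fullchain.pem so clients get the intermediate"))
        elif name == "rewrite" and args and args[0] == "^/$":
            findings.append(("root-only-redirect", "only '/' is redirected to HTTPS"))
    return findings


if __name__ == "__main__":
    for rule, msg in audit(SAMPLE):
        print(f"{rule}: {msg}")
```

Run it against the text of your own server blocks before restarting nginx; an empty result means none of these five rules matched.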