Let’s encrypt



(This image is from Flickr. Author: Yuri Samoilov. Image: System Lock)

I changed my server's default connection to SSL using Let's Encrypt.

Here is a step-by-step tutorial on how to change a server over to SSL, written down for when I forget my settings.

  • Open ports 80 and 443 so that the Let's Encrypt server can connect.

To verify that you are the website owner, Let's Encrypt connects to the IP address that your domain resolves to in DNS.

  • Web servers such as Apache and nginx have to be stopped.
sudo service nginx stop
  • To add certificates, simply run commands like the ones below.
git clone https://github.com/certbot/certbot
cd certbot
./certbot-auto

You should choose 'NO' here.

  • Obtain a certificate from Let's Encrypt, specifying each (sub)domain it should cover.
./certbot-auto certonly --standalone -d example.jp -d www.example.jp
  • Change the config to support SSL and rewrite your HTTP URLs to HTTPS.

  • Below is the nginx rewrite rule for the original HTTP connection, which prevents access errors for HTTP links that have already spread across the internet.

server {
    listen        80;
    server_name  www.example.com;

    # Redirect every HTTP request (not only "/") to the same path on HTTPS
    rewrite ^ https://www.example.com$request_uri? permanent;
}
  • Below is the configuration for SSL/TLS.
server {
    listen       443;
    server_name www.sample.com;

    ssl                             on;
    # Certificate chain and private key written by certbot
    ssl_certificate                 /etc/letsencrypt/live/www.sample.com/fullchain.pem;
    ssl_certificate_key             /etc/letsencrypt/live/www.sample.com/privkey.pem;
    ssl_protocols                   TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers                     HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers       on;
    ssl_session_cache               shared:SSL:10m;
    ssl_session_timeout             10m;

    location / {
        # my_zone must be defined with proxy_cache_path in the http block
        proxy_cache my_zone;

        root     /var/www/wordpress;
        index    index.php;

        # Hand requests for non-existent files to WordPress
        if (!-e $request_filename) {
            rewrite ^/(.+)$  /index.php?q=$1 last;
            break;
        }
    }

    # Pass PHP scripts to the FastCGI backend
    location ~ \.php$ {
        proxy_cache my_zone;
    #    root           html;
        fastcgi_pass   127.0.0.1:8080;
        fastcgi_index  index.php;
    #   fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        fastcgi_param   SCRIPT_FILENAME  /var/www/wordpress$fastcgi_script_name; #wordpress path
        include        fastcgi_params;
    }
}
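
A tightened variant of the HTTPS server block above, shown as an added example and not the author's configuration: it drops TLS 1.0 and 1.1 (deprecated by RFC 8996), replaces `ssl on;` (deprecated since nginx 1.15.0) with `listen 443 ssl;`, narrows the cipher list and adds an HSTS header. It assumes nginx 1.13.0 or later built against OpenSSL 1.1.1 or later for TLSv1.3; the cipher list and the `max-age` value are illustrative choices.

```nginx
# Added example: hardened variant of the page's HTTPS server block.
server {
    listen       443 ssl;    # replaces "listen 443;" plus "ssl on;"
    server_name  www.sample.com;

    ssl_certificate      /etc/letsencrypt/live/www.sample.com/fullchain.pem;
    ssl_certificate_key  /etc/letsencrypt/live/www.sample.com/privkey.pem;

    # Weak setting, as on the page:
    #   ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    # Corrected: only protocol versions that are not deprecated.
    ssl_protocols        TLSv1.2 TLSv1.3;

    # Weak setting, as on the page:
    #   ssl_ciphers HIGH:!aNULL:!MD5;   (still admits CBC and non-PFS suites)
    # Corrected: TLS 1.2 suites limited to ECDHE key exchange with AEAD ciphers.
    # TLS 1.3 suites are not controlled by this directive.
    ssl_ciphers          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;

    ssl_session_cache    shared:SSL:10m;
    ssl_session_timeout  10m;
    # Session tickets reuse one server-side key across sessions; turn them
    # off unless that key is rotated regularly.
    ssl_session_tickets  off;

    # HSTS: browsers that have seen this header refuse plain HTTP for
    # max-age seconds, so a lapsed certificate renewal locks visitors out.
    add_header Strict-Transport-Security "max-age=31536000" always;

    # The two location blocks from the page's configuration go here unchanged.
}
```

Run `nginx -t` before restarting so that a directive the installed nginx build does not support is caught while the old configuration is still serving.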

After the above configuration, you have to renew the certificate at least once every three months.

sudo service nginx stop
./certbot-auto renew
sudo service nginx start

That's it.