ssl.md

It's a web server configuration. Nothing changes in the app code.

Install

Guide for nginx on Ubuntu. Certificates are issued instantly, no waiting.

# Install certbot
sudo wget https://dl.eff.org/certbot-auto -O /usr/sbin/certbot-auto
sudo chmod a+x /usr/sbin/certbot-auto

# nginx plugin
sudo apt install python-certbot-nginx

# Stop listening to port 80
sudo systemctl stop nginx

# Get SSL certificate
sudo certbot-auto certonly --standalone -d example.com

# Check certificate - Might require sudo -i
ls /etc/letsencrypt/live/example.com

# Start listening to port 80
sudo systemctl start nginx

Renew

# test
sudo certbot renew --cert-name example.com --dry-run

# renew
sudo certbot renew --cert-name example.com

Nginx configuration

events {}

http {
    include mime.types;

    server {
        listen 80 default_server;
        server_name example.com;
        return 301 https://example.com$request_uri; # redirect to 443 SSL
    }

    server {
        listen 443 ssl default_server;
        server_name example.com;
        ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

        location / {
            proxy_pass 'http://localhost:3000/';
        }
    }
}

# Check nginx configuration
sudo nginx -t

# Restart nginx with new configuration
sudo systemctl restart nginx

# Schedule task
crontab -e

# At 02:00 auto-renew SSL certificate if required
0 2 * * * sudo /usr/sbin/certbot-auto -q renew --nginx
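
A check to run after issuance or after the scheduled renewal, before nginx is reloaded: it confirms that the certificate has enough validity left, that privkey.pem belongs to fullchain.pem, and that the certificate covers the domain. This is an added example, not part of the original guide; the function names and the 14-day default are assumptions.

```bash
#!/usr/bin/env bash
# Added example: sanity checks for a certbot "live" directory.
# Function names are hypothetical; only standard openssl subcommands are used.

# Succeeds if the leaf certificate stays valid for at least $2 more days.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Succeeds if the private key and the certificate carry the same public key.
key_matches_cert() {
    local from_cert from_key
    from_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    from_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$from_cert" ] && [ "$from_cert" = "$from_key" ]
}

# Succeeds if the certificate is valid for host name $2.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# Runs all checks on a directory holding fullchain.pem and privkey.pem.
# Usage: check_live_dir DIR DOMAIN [MIN_DAYS]   (MIN_DAYS defaults to 14)
check_live_dir() {
    local dir="$1" domain="$2" min_days="${3:-14}" rc=0
    if ! cert_valid_for_days "$dir/fullchain.pem" "$min_days"; then
        echo "FAIL: certificate expires within $min_days days (or is unreadable)"
        rc=1
    fi
    if ! key_matches_cert "$dir/fullchain.pem" "$dir/privkey.pem"; then
        echo "FAIL: privkey.pem does not match fullchain.pem"
        rc=1
    fi
    if ! cert_covers_host "$dir/fullchain.pem" "$domain"; then
        echo "FAIL: certificate does not cover $domain"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $domain certificate checks passed"
    return "$rc"
}
```

Run `check_live_dir /etc/letsencrypt/live/example.com example.com` as root, for example from a certbot `--deploy-hook`, and reload nginx only when it returns 0.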

Guide

The domain must already be specified in the nginx conf file. Certbot takes the domain from that file, so there is no need to specify it on the command line. Follow the steps below:

  1. First install Certbot with
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install certbot
  2. Install the nginx plugin after installing certbot.
sudo apt install python-certbot-nginx
  3. Now open the nginx config file with
sudo nano /etc/nginx/nginx.conf
  4. From there, go to the files included for enabled sites in the http scope, e.g.
/etc/nginx/sites-enabled/
  5. Open default with
sudo vi default
  6. Here change "server_name" to your domain name for port 443. These are individual server blocks.
  7. If you need to add something on another port, it can be done in this file.
  8. Now save the file.
  9. Start bash as admin with "sudo bash".
  10. Now start certbot with the nginx plugin: "certbot --nginx"
  11. Select the appropriate options and domain, which will be listed automatically.

This works in Ubuntu 16.04, so I guess it would work on most others as well.