...
Before getting the certificates. It is necessary that there are two DNS A records for website name i.e. demonodepublicdns, www.demonodepublicdns.
Getting the Certificates:
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
root@ubuntu:~# sudo apt-get update root@ubuntu:~# sudo apt-get -y install git bc root@ubuntu:~# sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt root@ubuntu:~# sudo apt-get install nginx Do you want to continue? [Y/n] y root@ubuntu:~# cd /opt/letsencrypt root@ubuntu:/opt/letsencrypt# ./letsencrypt-auto certonly -a webroot --webroot-path=/usr/share/nginx/html -d demonodepublicdns -d www.demonodepublicdns ┌──────────────────────────────────────────────────────────────────────┐ │ Enter email address (used for urgent notices and lost key recovery) │ │ ┌──────────────────────────────────────────────────────────────────┐ │ │ │xxxx@xxxx.xxx │ │ │ └──────────────────────────────────────────────────────────────────┘ │ ├──────────────────────────────────────────────────────────────────────┤ │ < OK > <Cancel> │ └──────────────────────────────────────────────────────────────────────┘ ┌──────────────────────────────────────────────────────────────────────┐ │ Please read the Terms of Service at │ │ https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf. You │ │ must agree in order to register with the ACME server at │ │ https://acme-v01.api.letsencrypt.org/directory │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ ├──────────────────────────────────────────────────────────────────────┤ │ <Agree > <Cancel> │ └──────────────────────────────────────────────────────────────────────┘ IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/demonodepublicdns/fullchain.pem. Your cert will expire on 2016-09-29. To obtain a new or tweaked version of this certificate in the future, simply run letsencrypt-auto again. To non-interactively renew *all* of your certificates, run "letsencrypt-auto renew" - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le root@ubuntu:/opt/letsencrypt# ls /etc/letsencrypt/live/demonodepublicdns/ cert.pem chain.pem fullchain.pem privkey.pem |
Setting up certificates in nginx:
Code Block | ||
---|---|---|
| ||
root@ubuntu:/opt/letsencrypt# vim /etc/nginx/sites-available/default server { #listen 80 default_server; #listen [::]:80 default_server ipv6only=on; listen 443 ssl; server_name demonodepublicdns www.demonodepublicdns; ssl_certificate /etc/letsencrypt/live/demonodepublicdns/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/demonodepublicdns/privkey.pem; root /usr/share/nginx/html; index index.html index.htm; # Make site accessible from http://localhost/ server_name localhost; } root@ubuntu:/opt/letsencrypt# sudo service nginx reload |
To confirm if your certificates have been set correctly, in a browser try to navigate to https://www.demonodepublicdns and it should show a green lock with https in the url bar like