These instructions are for an Ubuntu installation with nginx as the web server. This method lets a user obtain free certificates from an open-source provider and requires the website name to be publicly accessible. These instructions may not be applicable in other environments. Follow all applicable certificate policies when installing.

Before obtaining the certificates, ensure that there are two DNS A records for the website name (i.e. demonodepublicdns and www.demonodepublicdns).

Getting the Certificates (letsencrypt example):

Certification Example
root@ubuntu:~# sudo apt-get update
root@ubuntu:~# sudo apt-get -y install git bc
root@ubuntu:~# sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
root@ubuntu:~# sudo apt-get install nginx
Do you want to continue? [Y/n] y
root@ubuntu:~# cd /opt/letsencrypt
root@ubuntu:/opt/letsencrypt# ./letsencrypt-auto certonly -a webroot --webroot-path=/usr/share/nginx/html -d demonodepublicdns -d www.demonodepublicdns

                    ┌──────────────────────────────────────────────────────────────────────┐
                    │ Enter email address (used for urgent notices and lost key recovery)  │  
                    │ ┌──────────────────────────────────────────────────────────────────┐ │  
                    │ │xxxx@xxxx.xxx                                                 │ │  
                    │ └──────────────────────────────────────────────────────────────────┘ │  
                    ├──────────────────────────────────────────────────────────────────────┤  
                    │                     <  OK  >           <Cancel>                      │  
                    └──────────────────────────────────────────────────────────────────────┘  
                                                                                              
                    ┌──────────────────────────────────────────────────────────────────────┐
                    │ Please read the Terms of Service at                                  │  
                    │ https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf. You │  
                    │ must agree in order to register with the ACME server at              │  
                    │ https://acme-v01.api.letsencrypt.org/directory                       │  
                    │                                                                      │  
                    │                                                                      │  
                    │                                                                      │  
                    │                                                                      │  
                    │                                                                      │  
                    │                                                                      │  
                    │                                                                      │  
                    │                                                                      │  
                    │                                                                      │  
                    │                                                                      │  
                    │                                                                      │  
                    │                                                                      │  
                    ├──────────────────────────────────────────────────────────────────────┤  
                    │                     <Agree >           <Cancel>                      │  
                    └──────────────────────────────────────────────────────────────────────┘  
                                                                                              

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/demonodepublicdns/fullchain.pem. Your cert
   will expire on 2016-09-29. To obtain a new or tweaked version of
   this certificate in the future, simply run letsencrypt-auto again.
   To non-interactively renew *all* of your certificates, run
   "letsencrypt-auto renew"
 - If you like Certbot, please consider supporting our work by:
   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le
root@ubuntu:/opt/letsencrypt# ls /etc/letsencrypt/live/demonodepublicdns/
cert.pem  chain.pem  fullchain.pem  privkey.pem

         

Setting up certificates in nginx:

 

root@ubuntu:/opt/letsencrypt# vim /etc/nginx/sites-available/default
server {
        #listen 80 default_server;
        #listen [::]:80 default_server ipv6only=on;
        listen 443 ssl;
        server_name demonodepublicdns www.demonodepublicdns;
        ssl_certificate /etc/letsencrypt/live/demonodepublicdns/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/demonodepublicdns/privkey.pem;
        root /usr/share/nginx/html;
        index index.html index.htm;
        # Also answer to localhost (over HTTPS here; the certificate does not list that name)
        server_name localhost;
}
server {
    listen 80;
    server_name demonodepublicdns www.demonodepublicdns;
    return 301 https://$host$request_uri;
}
root@ubuntu:/opt/letsencrypt# sudo service nginx reload

 

To confirm that your certificates have been set up correctly, navigate to https://www.demonodepublicdns in a browser; it should show a green lock with https in the URL bar.
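
A command-line complement to the browser check, as an added example that is not part of the original page: it verifies that privkey.pem belongs to cert.pem, that both site names are listed in the certificate, and that expiry is more than 30 days away. The function names and the 30-day threshold are assumptions; the paths are the ones used above.

```bash
#!/bin/sh
# Added example: sanity checks for a Let's Encrypt "live" directory.
# Function names are hypothetical; only standard openssl subcommands are used.

# 0 if the private key ($2) belongs to the certificate ($1).
key_matches_cert() {
    c_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    k_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$c_pub" ] && [ "$c_pub" = "$k_pub" ]
}

# 0 if $2 is listed verbatim as a DNS subjectAltName (no wildcard matching).
cert_covers_name() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -A1 'Subject Alternative Name' |
        tr ',' '\n' | sed 's/^ *//' | grep -qxF "DNS:$2"
}

# 0 if the certificate ($1) expires within $2 days, or cannot be read.
expires_within() {
    ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# check_live_dir DIR NAME...  -> 0 only if every check passes.
check_live_dir() {
    dir=$1; shift; rc=0
    key_matches_cert "$dir/cert.pem" "$dir/privkey.pem" ||
        { echo "FAIL: privkey.pem does not match cert.pem"; rc=1; }
    for name in "$@"; do
        cert_covers_name "$dir/cert.pem" "$name" ||
            { echo "FAIL: certificate does not cover $name"; rc=1; }
    done
    if expires_within "$dir/cert.pem" 30; then
        echo "FAIL: certificate expires within 30 days; renew it"; rc=1
    fi
    return "$rc"
}

# Constructed sample input: a throwaway self-signed pair valid for $2 days.
make_constructed_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" \
        -subj "/CN=demonodepublicdns" \
        -addext "subjectAltName=DNS:demonodepublicdns,DNS:www.demonodepublicdns" \
        -keyout "$1/privkey.pem" -out "$1/cert.pem" 2>/dev/null
}

# Usage: sh check.sh /etc/letsencrypt/live/demonodepublicdns demonodepublicdns www.demonodepublicdns
if [ "$#" -gt 0 ]; then check_live_dir "$@"; fi
```

Run it as root, since /etc/letsencrypt/live is not readable by ordinary users; a non-zero exit status means at least one check failed.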
