These Instructions are for an ubuntu installation with nginx as the server. This method enables a user to get (free) certificates from an opensource provider and requires the website name to be publicly accessible. These instructions may not be applicable in other environments. Follow all applicable certificate policies when installing.
Before obtaining the certificates ensure that there are two DNS A records for the website name (i.e. demonodepublicdns, www.demonodepublicdns).
Getting the Certificates (letsencrypt example):
Certification Example
root@ubuntu:~# sudo apt-get update root@ubuntu:~# sudo apt-get -y install nginx root@ubuntu:~# wget https://dl.eff.org/certbot-auto root@ubuntu:~# chmod a+x certbot-auto root@ubuntu:~# ./certbot-auto root@ubuntu:~# ./certbot-auto certonly --webroot -w /usr/share/nginx/html -d demonodepublicdns ┌────────────────────────────┐ │ Enter email address (used │ │ for urgent notices and │ │ lost key recovery) │ │ ┌────────────────────────┐ │ │ │xxxx@xxxx.xx │ │ │ └────────────────────────┘ │ ├────────────────────────────┤ │ < OK > <Cancel> │ └────────────────────────────┘ ┌───────────────────────────────────────────────────────────────────┐ │ Please read the Terms of Service at │ │ https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf. │ │ You must agree in order to register with the ACME server at │ │ https://acme-v01.api.letsencrypt.org/directory │ ├───────────────────────────────────────────────────────────────────┤ │ <Agree > <Cancel> │ └───────────────────────────────────────────────────────────────────┘ IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/demonodepublicdns/fullchain.pem. Your cert will expire on 2016-09-29. To obtain a new or tweaked version of this certificate in the future, simply run letsencrypt-auto again. To non-interactively renew *all* of your certificates, run "letsencrypt-auto renew" - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le root@ubuntu:/opt/letsencrypt# ls /etc/letsencrypt/live/demonodepublicdns/ cert.pem chain.pem fullchain.pem privkey.pem