These instructions are for an Ubuntu server running nginx as the web server. The method obtains free certificates in an open-source way and needs the website name to be publicly accessible. These instructions may not help in any other setting. Installers need to ensure they are following applicable certificate policies.
Before getting the certificates, it is necessary that there are two DNS A records for the website name, i.e. demonodepublicdns and www.demonodepublicdns.
root@ubuntu:~# sudo apt-get update
root@ubuntu:~# sudo apt-get -y install git bc
root@ubuntu:~# sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
root@ubuntu:~# sudo apt-get install nginx
Do you want to continue? [Y/n] y
root@ubuntu:~# cd /opt/letsencrypt
root@ubuntu:/opt/letsencrypt# ./letsencrypt-auto certonly -a webroot --webroot-path=/usr/share/nginx/html -d demonodepublicdns -d www.demonodepublicdns

┌──────────────────────────────────────────────────────────────────────┐
│ Enter email address (used for urgent notices and lost key recovery)  │
│ ┌──────────────────────────────────────────────────────────────────┐ │
│ │xxxx@xxxx.xxx                                                     │ │
│ └──────────────────────────────────────────────────────────────────┘ │
├──────────────────────────────────────────────────────────────────────┤
│                     <  OK  >          <Cancel>                       │
└──────────────────────────────────────────────────────────────────────┘

┌──────────────────────────────────────────────────────────────────────┐
│ Please read the Terms of Service at                                  │
│ https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf. You │
│ must agree in order to register with the ACME server at              │
│ https://acme-v01.api.letsencrypt.org/directory                       │
│                                                                      │
├──────────────────────────────────────────────────────────────────────┤
│                     <Agree >          <Cancel>                       │
└──────────────────────────────────────────────────────────────────────┘

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/demonodepublicdns/fullchain.pem. Your cert
   will expire on 2016-09-29. To obtain a new or tweaked version of
   this certificate in the future, simply run letsencrypt-auto again.
   To non-interactively renew *all* of your certificates, run
   "letsencrypt-auto renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

root@ubuntu:/opt/letsencrypt# ls /etc/letsencrypt/live/demonodepublicdns/
cert.pem  chain.pem  fullchain.pem  privkey.pem
root@ubuntu:/opt/letsencrypt# vim /etc/nginx/sites-available/default

server {
        #listen 80 default_server;
        #listen [::]:80 default_server ipv6only=on;

        listen 443 ssl;
        server_name demonodepublicdns www.demonodepublicdns;
        ssl_certificate /etc/letsencrypt/live/demonodepublicdns/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/demonodepublicdns/privkey.pem;

        root /usr/share/nginx/html;
        index index.html index.htm;

        # Make site accessible from http://localhost/
        server_name localhost;
}

server {
        listen 80;
        server_name demonodepublicdns www.demonodepublicdns;
        return 301 https://$host$request_uri;
}

root@ubuntu:/opt/letsencrypt# sudo service nginx reload
To confirm that your certificates have been set correctly, navigate to https://www.demonodepublicdns in a browser; it should show a green lock with https in the URL bar.
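
A server-side counterpart to the browser check, as an added example that is not part of the original instructions: it verifies that the certificate in the live directory is not about to expire, lists both names, matches privkey.pem, and that the key file is closed to other users. The function names are hypothetical, GNU stat is assumed, and the demo at the end runs on a constructed self-signed pair (OpenSSL 1.1.1 or later for -addext) rather than a real Let's Encrypt certificate.

```shell
#!/bin/sh
# Added example: sanity checks for a Let's Encrypt "live" directory.
# openssl reads the first certificate in fullchain.pem, which is the leaf.

# Succeeds if the certificate is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Succeeds if every name after $1 is a DNS entry in the certificate's SAN list.
cert_covers_names() {
    local cert="$1" sans name; shift
    sans=$(openssl x509 -in "$cert" -noout -text |
           grep -A1 'Subject Alternative Name' | tail -n 1 | tr -d ' ' | tr ',' '\n')
    for name in "$@"; do
        printf '%s\n' "$sans" | grep -Fxq "DNS:$name" || return 1
    done
}

# Succeeds if the private key belongs to the certificate (public keys are equal).
key_matches_cert() {
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

# Succeeds if the key file (symlinks followed) is closed to group and others.
key_is_private() {
    [ $(( 0$(stat -L -c '%a' "$1") & 077 )) -eq 0 ]
}

# Runs all four checks; args: live directory, minimum days left, expected names.
check_live_dir() {
    local dir="$1" days="$2"; shift 2
    cert_valid_for_days "$dir/fullchain.pem" "$days" || { echo "FAIL: expires within $days days"; return 1; }
    cert_covers_names "$dir/fullchain.pem" "$@" || { echo "FAIL: a name is missing from the SAN list"; return 1; }
    key_matches_cert "$dir/fullchain.pem" "$dir/privkey.pem" || { echo "FAIL: key does not match certificate"; return 1; }
    key_is_private "$dir/privkey.pem" || { echo "FAIL: privkey.pem is readable by group or others"; return 1; }
    echo "OK: $dir"
}

# Constructed sample: a throwaway self-signed pair valid for 90 days, standing in for the live directory.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 90 -subj "/CN=demonodepublicdns" \
        -addext "subjectAltName=DNS:demonodepublicdns,DNS:www.demonodepublicdns" \
        -keyout "$1/privkey.pem" -out "$1/fullchain.pem" 2>/dev/null && chmod 600 "$1/privkey.pem"
}

sample=$(mktemp -d) && make_sample "$sample" &&
    check_live_dir "$sample" 30 demonodepublicdns www.demonodepublicdns
```

On the server itself, run `check_live_dir /etc/letsencrypt/live/demonodepublicdns 30 demonodepublicdns www.demonodepublicdns` as root; a failure on the first check means it is time to run "letsencrypt-auto renew".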