Letsencrypt acme
Run the steps below as root (recommended).
Step 0
Dependencies
sudo apt-get install socat
Step 1: Install Acme.sh
curl https://get.acme.sh | sh
Restart the console session after the first install.
Step 2 Check installation successful
acme.sh --version
Step 3 Configure nginx for validation via portal
location /.well-known/acme-challenge/ {
    alias /var/www/portal.voronenko.net/.well-known/acme-challenge/;
}
Optional: run
nginx -t
to ensure your syntax is correct and everything adds up. Then run
systemctl reload nginx
Step 4 Issue certificate
acme.sh --issue -d portal.voronenko.net -w /var/www/portal.voronenko.net/
Step 5 Set up auto renew
mkdir -p /etc/nginx/certs/portal.voronenko.net/
acme.sh --install-cert -d portal.voronenko.net \
    --cert-file /etc/nginx/certs/portal.voronenko.net/cert \
    --key-file /etc/nginx/certs/portal.voronenko.net/key \
    --fullchain-file /etc/nginx/certs/portal.voronenko.net/fullchain \
    --reloadcmd "systemctl restart nginx.service"
Step 6 Validate
crontab -l
ls -la /etc/nginx/certs/portal.voronenko.net/
Step 7 Use certificates in your nginx config
server {
    listen 443 ssl;
    ssl_certificate /etc/nginx/certs/portal.voronenko.net/fullchain;
    # Must be the file written by --key-file in Step 5
    ssl_certificate_key /etc/nginx/certs/portal.voronenko.net/key;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996)
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ...
}
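A check for two mistakes that are easy to make in Step 7: pointing nginx at files that acme.sh --install-cert did not write, and leaving deprecated protocol versions enabled. This is an added example, not part of the original page; the function names directive and check_nginx_tls are hypothetical, and only the first occurrence of each directive in the file is read.

```shell
#!/bin/sh
# Added example: lint the TLS directives of an nginx config against the
# directory that acme.sh --install-cert wrote to. Function names are hypothetical.
# Usage: check_nginx_tls <nginx-config-file> /etc/nginx/certs/portal.voronenko.net

# Print the value of the first occurrence of a directive, without the ';'.
directive() {  # $1 = directive name, $2 = config file
    awk -v d="$1" '$1 == d { sub(/;[ \t]*$/, ""); $1 = ""
                             sub(/^[ \t]+/, ""); print; exit }' "$2"
}

# Prints one line per finding and returns the number of findings (0 = clean).
check_nginx_tls() {  # $1 = nginx config file, $2 = certificate directory
    conf=$1 dir=${2%/} n=0
    cert=$(directive ssl_certificate "$conf")
    key=$(directive ssl_certificate_key "$conf")
    protos=$(directive ssl_protocols "$conf")

    # Both paths must point at existing files inside the install directory.
    for f in "$cert" "$key"; do
        case $f in
            "$dir"/*) [ -f "$f" ] || { echo "missing file: $f"; n=$((n+1)); } ;;
            *) echo "path outside $dir: ${f:-<unset>}"; n=$((n+1)) ;;
        esac
    done
    # The private key must not be accessible to group or others
    # (characters 5-10 of the ls mode string are the group/other bits).
    if [ -f "$key" ] && [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "key accessible to group/other: $key"; n=$((n+1))
    fi
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996).
    for p in $protos; do
        case $p in
            TLSv1|TLSv1.1) echo "deprecated protocol: $p"; n=$((n+1)) ;;
        esac
    done
    return "$n"
}
```

Run it after Step 6 and before reloading nginx; a non-zero exit status is the count of findings printed.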