SSL Certificate of Let's Encrypt and autoodnawianie!

Posted on by

Anyone who is interested, uses or use an encrypted connection for your web site / application - knows what it is, zorientownych for less - it is a novelty on the market, Let's Encrypt zostałstworzony, to give you a free SSL 10 SSL certificates within a single domain for FREE 3 months.

By providing the authors of the project, renewal of certificates can be automated, thus, in principle, you can forget about every-3-month renewal manual.

You need to install the package "git" and several libraries "python'owych".

We will show how to install SSL Let's Encrypta on Debian 8 / Debian 7 / and a web server nginx 1.8.1 / 1.9.14

Updating and installing Gita

1
2
3
apt-get update
apt-get upgrade
apt-get install git -y

Grab the latest parcel Let's Encrypta

1
git clone https://github.com/letsencrypt/letsencrypt

Generating a certificate for existing sites

1
sh /root/letsencrypt/letsencrypt-auto certonly --webroot --webroot-path /var/www --domains strona.pl,www.strona.pl --agree-tos --email admin@strona.pl

–webroot –webroot-path / var / www – this is the path where the files of our website.

–domains strona.pl,www.strona.pl – The name of the page for which you want to generate Certificate.

–email admin@strona.pl our e-mail domain.

setting autoodnowienia:

1
sudo crontab -u root -l; echo "0 0 1 * * sh /root/letsencrypt/letsencrypt-auto renew >> /dev/null && service nginx restart >> /dev/null") | crontab -u root -

The command will be executed by cron every month q1 to ensure business continuity and renewal certificate.

Below configuration vhost:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
server {
    listen 443 ssl;
    server_name         strona.pl www.strona.pl;
    ssl             on;
    ssl_certificate         /etc/letsencrypt/live/strona.pl/fullchain.pem;
    ssl_certificate_key     /etc/letsencrypt/live/strona.pl/privkey.pem;
    ssl_trusted_certificate     /etc/letsencrypt/live/strona.pl/chain.pem;
  
    ssl_session_timeout     1d;
    ssl_session_cache       shared:SSL:10m;
    ssl_session_tickets     off;
    ssl_stapling            on;
    ssl_stapling_verify     on;
    resolver            8.8.8.8 8.8.4.4 valid=86400;
    resolver_timeout        10;
    ssl_prefer_server_ciphers   on;
    ssl_protocols           TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers         "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK";
### DALSZA CZĘŚĆ KONFIGURACJI ###  
}
 

How useful this post was?

Click on the star, to evaluate it!

Average grade / 5. number of votes:

So far, no votes! Be the first to rate this post.

Related entries:

As in Ubuntu move to the bottom bar of the screen
Termius interesting alternative to putty
Nvidia drivers in Ubuntu
ack -l DB_NAME wp-config.php wp-admin/setup-config.php wp-config-sample.php wp-content/plugins/litespeed-cache/src/db-optm.cls.php wp-content/plugins/newsletter/system/status.php wp-includes/load.php wp-includes/ms-load.php
gconf-service gconf-service-backend gconf2-common libappindicator1 libc++1 libc++1-9 libc++abi1-9 libdbusmenu-gtk4 libgail-common libgail18 libgconf-2-4 libgtk2.0-0 libgtk2.0-bin libgtk2.0-commonAll-in-one voice and text chat for gamers All-in-one voice and text chat for gamers that's free 22.04