May 22nd, 2017
Let’s Encrypt is a Certificate Authority (CA) that provides free SSL/TLS certificates to enable HTTPS connections on our website. It’s very simple to implement and integrate with nginx: you just have to generate the certificate with the certbot script and add it to the server configuration. I am currently running Slackware 14; to run certbot, I need to install the following Python packages with easy_install:
- python-setuptools
- zope.interface
- zope.component
- six
- pytz
- pyrfc3339
- PyOpenSSL
- python-parsedatetime
- parsedatetime
- mock
- configobj
- ConfigArgParse
- requests
- psutil
- pycparser
- ipaddress
- enum34
- idna
- cffi
- pyasn1
- cryptography
- ndg_httpsclient
- python2-pythondialog
- python-augeas
Now, running this command will get a certificate.
certbot certonly -a webroot --webroot-path=/usr/share/nginx/html -d mydomain.cl
After obtaining the cert, you will have the following PEM-encoded files:
- cert1.pem: Your domain’s certificate
- chain1.pem: The Let’s Encrypt chain certificate
- fullchain1.pem: cert.pem and chain.pem combined
- privkey1.pem: Your certificate’s private key
You can check that the files exist by running the command:
ls -l /etc/letsencrypt/live/mydomain.cl
Within the nginx.conf file, we just need to set:
- ssl_certificate: the path to our certificate file
- ssl_certificate_key: the path to the associated private key
The nginx.conf should look like this:
# HTTPS server
#
server {
    listen 443 ssl;
    server_name mydomain.cl;

    # fullchain.pem holds the certificate plus the Let's Encrypt chain, so
    # nginx also sends the intermediate certificate to clients.
    ssl_certificate /etc/letsencrypt/live/mydomain.cl/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mydomain.cl/privkey.pem;

    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        root /var/www/nginx/public;
        index index.html index.htm;
    }
    ...
}
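Before reloading nginx it is worth confirming that the two files named by ssl_certificate and ssl_certificate_key actually belong together. The script below is an added example, not part of the original post: it checks that the private key matches the certificate, that the certificate file also carries the intermediate (nginx only sends what is in that file), and that the certificate is not about to expire. The function names and the 7-day default are assumptions made for this example.

```shell
#!/bin/sh
# Added example: pre-reload check for the nginx certificate/key pair.
# Usage, with the paths used on this page:
#   sh check_tls_pair.sh /etc/letsencrypt/live/mydomain.cl/fullchain.pem \
#                        /etc/letsencrypt/live/mydomain.cl/privkey.pem

# Succeeds only if the private key ($2) belongs to the first certificate in $1.
# Both commands print the public key as PEM, so the texts can be compared.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Number of PEM certificates in a file (1 = leaf only, 2+ = leaf plus chain).
cert_count() {
    awk '/-----BEGIN CERTIFICATE-----/ { n++ } END { print n + 0 }' "$1"
}

# Full check. $3 = minimum days of validity required (assumed default: 7).
check_nginx_pair() {
    min_days=${3:-7}
    key_matches_cert "$1" "$2" || {
        echo "FAIL: $2 is not the key for $1" >&2; return 1; }
    [ "$(cert_count "$1")" -ge 2 ] || {
        echo "FAIL: $1 has no intermediate certificate" >&2; return 1; }
    # -checkend exits non-zero if the certificate expires within N seconds.
    openssl x509 -in "$1" -noout -checkend $((min_days * 86400)) >/dev/null || {
        echo "FAIL: $1 expires within $min_days days" >&2; return 1; }
    echo "OK: certificate, chain and key are consistent"
}

# Run the check only when paths are given on the command line.
if [ "$#" -ge 2 ]; then
    check_nginx_pair "$@"
fi
```

A natural place to call it is right before `nginx -t` and the reload, so a mismatched or leaf-only file never reaches the running server.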