Hello HTTPS thanks letsencrypt!

Recently I read somewhere about the Let's Encrypt (https://letsencrypt.org/) organization, which lets you generate SSL certificates for your site. I have a few sites, so I thought it would be nice to have certificates too and switch my old sites to secure ones. On my Debian server I used a ready-made tool, so for future me, when I want to set up a new domain, these are the basic commands and the nginx configuration.
To run the pip command (https://github.com/kshcherban/acme-nginx):
sudo apt-get install python-setuptools
sudo apt-get install python-pip python-dev build-essential
pip install acme-nginx
It will install some software/certs etc… and then you can run (for a fresh start):
sudo acme-nginx -d domain.pl -d www.domain.pl
It will generate a key and a pem; next you have to rename the files 'letsencrypt-domain.key' and 'letsencrypt-domain.pem' to names related to your domain, then in the nginx conf of the domain:
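# redirect every plain-HTTP request to the HTTPS site
server {
    listen 80;
    server_name www.domain.pl domain.pl;
    rewrite ^/(.*) https://domain.pl/$1 permanent;
}
server {
    server_name domain.pl;
    # "ip" is a placeholder for the server's address
    listen ip:443 ssl spdy;
    # redundant with the "ssl" parameter on the listen line above
    ssl on;
    ssl_certificate /path/to/letsencrypt-domain.pem;
    ssl_certificate_key /path/to/letsencrypt-domain.key;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996)
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    # HSTS: browsers keep using HTTPS for this host for one year
    add_header Strict-Transport-Security max-age=31536000;
    #... other settings
}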
Then for an existing account:
acme-nginx -k /path/to/letsencrypt-account.key -d next-domain.pl -d www.next-domain.pl
I don’t know why, but the script couldn’t open the file:
Can not open key /etc/ssl/private/letsencrypt-domain.key, generating new
Trying to register account key
Already registered!
However, it generates the proper files, so no problem, and after one year… generate it again…
Or better, put it in a cron job:
cat /etc/cron.d/renew-cert
12 11 10 * * root /usr/local/bin/acme-nginx -d domain.pl -d www.domain.pl >> /var/log/letsencrypt.log
I’m not sure whether it will generate the proper files – I have to check the docs… how to generate the key and pem with proper files, otherwise it will overwrite the files for other domains…
that is… so simple 😉
Edit:
# I don't know why YET... but after 3 months my certificate expired...
acme-nginx -k /etc/nginx/ssl/domain -d domain_name -d www.domain_name
mv /etc/ssl/private/letsencrypt-domain.pem /etc/ssl/private/letsencrypt-domain_name.pem
mv /etc/ssl/private/letsencrypt-domain.key /etc/ssl/private/letsencrypt-domain_name.key
# and restart nginx
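The rename step from the post, together with the concern that a later run overwrites the files of another domain, as an added example that is not part of the original post or of acme-nginx. It moves the generic letsencrypt-domain.key/.pem pair to per-domain names with an owner-only private key; the function name install_cert and its directory arguments are assumptions.

```shell
#!/bin/sh
# Added example, not part of acme-nginx. File names follow the post;
# install_cert and its directory arguments are assumptions.
#
# install_cert DOMAIN SRC_DIR DST_DIR
# Moves the freshly issued generic pair to per-domain names so a later
# acme-nginx run for another domain cannot overwrite it.
install_cert() {
    domain=$1; src=$2; dst=$3
    key="$src/letsencrypt-domain.key"
    pem="$src/letsencrypt-domain.pem"

    # Refuse empty names and anything that could escape DST_DIR.
    case $domain in
        ''|.*|*[!A-Za-z0-9._-]*)
            echo "bad domain name: $domain" >&2; return 2 ;;
    esac

    # Both files must exist and be non-empty; otherwise keep the old pair.
    if [ ! -s "$key" ] || [ ! -s "$pem" ]; then
        echo "missing key or pem in $src" >&2; return 1
    fi

    # A failed run may leave something that is not a certificate.
    if ! grep -q -e '-----BEGIN CERTIFICATE-----' "$pem"; then
        echo "$pem is not a PEM certificate" >&2; return 1
    fi

    # Owner-only private key before it reaches its final path.
    chmod 600 "$key" || return 1
    chmod 644 "$pem" || return 1

    # Stage inside DST_DIR, then rename: mv within one filesystem is
    # atomic, so nginx never reads a half-written file.
    cp -p "$key" "$dst/.letsencrypt-$domain.key.new" &&
    cp -p "$pem" "$dst/.letsencrypt-$domain.pem.new" &&
    mv -f "$dst/.letsencrypt-$domain.key.new" "$dst/letsencrypt-$domain.key" &&
    mv -f "$dst/.letsencrypt-$domain.pem.new" "$dst/letsencrypt-$domain.pem" &&
    rm -f "$key" "$pem"
}
```

Called right after each acme-nginx run, for example `install_cert domain.pl /etc/ssl/private /etc/ssl/private`, followed by an nginx reload.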