zeldor.biz

Linux, programming and more

Copyright © 2025
Log in

Let’s Encrypt nginx example

December 22, 2017 by Igor Drobot Leave a Comment

Free SSL certificates! This not a mirage. Follow this instructions step by step and you will be able to secure all your running projects for free.

About let’s encrypt: let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit.

Installation and Usage

wget https://dl.eff.org/certbot-auto
mv certbot-auto /usr/local/sbin/
chmod a+x /usr/local/sbin/certbot-auto

Generate the first certificate:

certbot-auto certonly -a webroot --webroot-path=/srv/www/zeldor.biz -d zeldor.biz

Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/zeldor.biz/

NGINX configuration

ssl_certificate /etc/letsencrypt/live/zeldor.biz/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/zeldor.biz/privkey.pem;

Apache configuration

SSLCertificateFile "/etc/letsencrypt/live/zeldor.biz/fullchain.pem"
SSLCertificateKeyFile "/etc/letsencrypt/live/zeldor.biz/privkey.pem"

Postfix configuration

smtpd_tls_cert_file=/etc/letsencrypt/live/zeldor.biz/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/zeldor.biz/privkey.pem
 
smtp_tls_cert_file=/etc/letsencrypt/live/zeldor.biz/fullchain.pem
smtp_tls_key_file=/etc/letsencrypt/live/zeldor.biz/privkey.pem

Dovecot configuration

File: /etc/dovecot/conf.d/10-ssl.conf

ssl_cert = </etc/letsencrypt/live/mail.zeldor.com/fullchain.pem
ssl_key = </etc/letsencrypt/live/mail.zeldor.com/privkey.pem
ssl_ca = </etc/letsencrypt/live/mail.zeldor.com/chain.pem
ssl_dh = </etc/dovecot/dh.pem

Now check with SSL labs the overall SSL-security for your domain.

Sources
  • Let’s Encrypt Logo from the official website

Filed Under: Linux Tagged With: Certificate, lets's encrypt, Nginx, OpenSSL, SSL

Categories

Archives

Tags

apache2 Apple arduino ARM Automation backup bash Cisco Cluster Corosync Database Debian Debian squeeze DIY DNS Fedora FTP Fun Icinga Ipv6 KVM Linux LVM MAC OS X Monitoring MySQL Nagios Nginx openSUSE OpenVPN PHP Proxy Python python3 qemu RAID rsync Samba security ssh Ubuntu virtualization Windows Windows 7 Wordpress

Leave a Reply

Your email address will not be published. Required fields are marked *

Yeaaah Cookie! We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.Ok