zeldor.biz

Linux, programming and more

Copyright © 2018 · on Genesis Framework · WordPress · Log in

Let’s Encrypt nginx example

December 22, 2017 by Igor Drobot Leave a Comment

Free SSL certificates! This not a mirage. Follow this instructions step by step and you will be able to secure all your running projects for free.

About let’s encrypt: let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit.

1
2
3
wget https://dl.eff.org/certbot-auto
mv certbot-auto /usr/local/sbin/
chmod a+x /usr/local/sbin/certbot-auto

wget https://dl.eff.org/certbot-auto mv certbot-auto /usr/local/sbin/ chmod a+x /usr/local/sbin/certbot-auto

certbot-auto certonly -a webroot --webroot-path=/srv/www/zeldor.biz -d zeldor.biz

certbot-auto certonly -a webroot --webroot-path=/srv/www/zeldor.biz -d zeldor.biz

Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/zeldor.biz/fullchain.pem

Nginx-configuration example:

1
2
ssl_certificate /etc/letsencrypt/live/zeldor.biz/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/zeldor.biz/privkey.pem;

ssl_certificate /etc/letsencrypt/live/zeldor.biz/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/zeldor.biz/privkey.pem;

Apache2-configuration example:

1
2
SSLCertificateFile "/etc/letsencrypt/live/zeldor.biz/fullchain.pem"
SSLCertificateKeyFile "/etc/letsencrypt/live/zeldor.biz/privkey.pem"

SSLCertificateFile "/etc/letsencrypt/live/zeldor.biz/fullchain.pem" SSLCertificateKeyFile "/etc/letsencrypt/live/zeldor.biz/privkey.pem"

Postfix-configuration example:

1
2
3
4
5
smtpd_tls_cert_file=/etc/letsencrypt/live/zeldor.biz/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/zeldor.biz/privkey.pem
 
smtp_tls_cert_file=/etc/letsencrypt/live/zeldor.biz/fullchain.pem
smtp_tls_key_file=/etc/letsencrypt/live/zeldor.biz/privkey.pem

smtpd_tls_cert_file=/etc/letsencrypt/live/zeldor.biz/fullchain.pem smtpd_tls_key_file=/etc/letsencrypt/live/zeldor.biz/privkey.pem smtp_tls_cert_file=/etc/letsencrypt/live/zeldor.biz/fullchain.pem smtp_tls_key_file=/etc/letsencrypt/live/zeldor.biz/privkey.pem

Dovecot-configuration example (/etc/dovecot/conf.d/10-ssl.conf):

1
2
3
ssl_cert = </etc/letsencrypt/live/zeldor.biz/fullchain.pem
ssl_key = </etc/letsencrypt/live/zeldor.biz/privkey.pem
ssl_ca = </etc/letsencrypt/live/zeldor.biz/chain.pem

ssl_cert = </etc/letsencrypt/live/zeldor.biz/fullchain.pem ssl_key = </etc/letsencrypt/live/zeldor.biz/privkey.pem ssl_ca = </etc/letsencrypt/live/zeldor.biz/chain.pem

Now check with ssllabs the overall SSL-security for your domain.

Sources:
Let’s Encrypt logo

Filed Under: Linux Tagged With: Certificate, lets's encrypt, Nginx, OpenSSL, SSL

Categories

Archives

Tags

apache2 Apple arduino backup bash Cisco Debian Debian squeeze DIY Exim4 Fedora FTP Fun GIT Icinga IMAP Ipv6 Juniper KVM Linux LVM MAC OS X Monitoring Munin MySQL Nagios Nginx openSUSE OpenVPN PHP Proxy qemu RAID raid1 rsync Samba security ssh SSL Ubuntu virtualization Windows Windows 7 Wordpress Xen

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *