Let’s Encrypt is a new Certificate Authority. It’s free, automated, and open, thereby enabling encrypted HTTPS on web servers. It simplifies the process by providing a software client, letsencrypt, that attempts to automate most (if not all) of the required steps.
You must own or control the registered domain name that you wish to use the certificate with and you need to have Nginx installed to.
Commands:
sudo apt-get update
sudo apt-get -y install git
sudo git clone https://github.com/letsencrypt/letsen... /opt/letsencrypt
sudo nano /etc/nginx/sites-available/default
--------
location ~ /.well-known {
allow all;
}
--------
sudo nginx -t
sudo systemctl reload nginx
cd /opt/letsencrypt
./letsencrypt-auto certonly -a webroot --webroot-path=/var/www/html -d nipone.com -d www.nipone.com
sudo ls -l /etc/letsencrypt/live/your_domain_name
sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
sudo nano /etc/nginx/snippets/ssl-example.com.conf
---------------
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
---------------
sudo nano /etc/nginx/snippets/ssl-params.conf
---------------
from https://cipherli.st/
and https://raymii.org/s/tutorials/Strong...
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_ecdh_curve secp384r1;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
-------------
sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/default.bak
sudo nano /etc/nginx/sites-available/default
------------
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name example.com www.example.com;
return 301 https://$server_name$request_uri;
}
server {
SSL configuration
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
include snippets/ssl-example.com.conf;
include snippets/ssl-params.conf;
-------------
sudo systemctl restart nginx
==============
In a web browser:
https://www.ssllabs.com/ssltest/analy...
==============
/opt/letsencrypt/letsencrypt-auto renew
sudo crontab -e
------------Here you have Brackets please don't just copy paste you must replace those big brackets with normal one ---------------
30 2 * * 1 /opt/letsencrypt/letsencrypt-auto renew >> /var/log/le-renew.log
35 2 * * 1 /bin/systemctl reload nginx
-------------
cd /opt/letsencrypt
sudo git pull
_____________________________________
Music by Joakim Karud / joakimkarud
You can always Deploy an SSD cloud server in 55 seconds
with Digitalocean.
Anyone how use this link will receive $10 in hosting credit immediately after unlocking their account by adding a valid payment method.
Sign Up with this link
https://m.do.co/c/7b9082af029f