Author: yifei / Created: July 1, 2017, 10:48 a.m. / Modified: July 1, 2017, 10:34 p.m.

install certbot

see ~/.dotfiles/installs/install_certbot.sh

create new cert

if you already have a server up and running

certbot certonly --webroot -w /opt/spider/nginx/html/ -d shujutuzi.com -d www.shujutuzi.com

if you don't have a server up and running

certbot certonly --standalone --agree-tos --email kongyifei@gmail.com --domain DOMAIN_NAME --preferred-challenges http --non-interactive

the cert is placed at /etc/letsencrypt/live/DOMAIN_NAME/

there will be four certs:

install the cert

add these lines to your nginx.conf file, or change them if they are already in the default nginx config file:

ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;
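
both paths must point into the same directory under /etc/letsencrypt/live/, otherwise the key belongs to a different certificate. the check below is an added example, not part of the original note: the names check_le_pairs and write_sample and the sample configs are made up for illustration, and it assumes one directive per line.

```shell
# Added example: lint an nginx config for certbot certificate/key pairs.
# Assumes the default layout /etc/letsencrypt/live/<name>/{fullchain,privkey}.pem.

# check_le_pairs FILE: return 0 only if every ssl_certificate is paired
# with an ssl_certificate_key from the same live/<name>/ directory.
check_le_pairs() {
    awk '
    # /etc/letsencrypt/live/<name>/<file> -> <name>
    function lineage(path,    parts, n) {
        n = split(path, parts, "/")
        return (n >= 2) ? parts[n - 1] : ""
    }
    { sub(/#.*/, "") }                      # ignore comments
    $1 == "ssl_certificate"     { cert = $2; sub(/;$/, "", cert) }
    $1 == "ssl_certificate_key" { key  = $2; sub(/;$/, "", key) }
    cert != "" && key != "" {               # a complete pair: compare it
        pairs++
        if (lineage(cert) != lineage(key)) {
            printf "MISMATCH: %s / %s\n", cert, key
            bad++
        }
        cert = ""; key = ""
    }
    END {
        if (cert != "" || key != "") { print "UNPAIRED: " cert key; bad++ }
        if (pairs == 0) { print "NO TLS PAIR FOUND"; bad++ }
        exit (bad > 0 ? 1 : 0)
    }' "$1"
}

# write_sample FILE NAME: constructed config whose key comes from live/NAME/.
write_sample() {
    cat > "$1" <<EOF
server {
    listen 443 ssl;
    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/$2/privkey.pem;
}
EOF
}

tmp=$(mktemp -d)
write_sample "$tmp/good.conf" example.com
write_sample "$tmp/bad.conf"  example.org
for f in good bad; do
    if check_le_pairs "$tmp/$f.conf"; then echo "$f: ok"; else echo "$f: FAILED"; fi
done
rm -rf "$tmp"
```

run it against the real config before reloading nginx, e.g. check_le_pairs /path/to/nginx.conf.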

remember to redirect your http traffic to your https one:

server {
    listen 80;
    server_name example.com www.example.com;
    return 301 https://$host$request_uri;
}

auto renew

create a cron job to run renew periodically

certbot renew --pre-hook "/opt/spider/nginx/sbin/nginx -s stop" --post-hook "/opt/spider/nginx/sbin/nginx" --quiet