Start HTTPS with Let's Encrypt
Reference document:
You can configure it step by step.
- install certbot
  ```bash
  $ apt-get update
  $ apt-get install software-properties-common
  $ add-apt-repository universe
  $ add-apt-repository ppa:certbot/certbot
  $ apt-get update
  $ apt-get install certbot
  ```
- generate SSL/TLS certificate file
  ```bash
  $ certbot certonly --webroot -w /var/www/html -d example.com --email [email protected]
  ```
- then you can find the certificate files in `/etc/letsencrypt/live/example.com/`
- modify nginx config
  ```nginx
  # Session
  ssl_session_cache shared:SSL:32m;
  ssl_session_timeout 1d;

  # HSTS
  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

  # Forward Secrecy
  # TLS 1.0 and 1.1 are deprecated (RFC 8996), so only TLS 1.2 and 1.3 are enabled.
  ssl_protocols TLSv1.3 TLSv1.2;
  ssl_prefer_server_ciphers on;
  ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DHE+AES128:!ADH:!AECDH:!MD5;
  ```
- then modify the host config file and reload nginx
- now you can visit your website over HTTPS
- when the certificate file expires, you can run the following command to update it
  ```bash
  $ certbot renew
  ```
- in addition, you can visit https://www.ssllabs.com/ssltest/ to test your website's SSL/TLS config
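
The TLS directives from the nginx step can also be checked offline before the site is submitted to SSL Labs. The script below is an added example, not part of the original post: the `directives` and `audit` helpers, the weak-cipher word list, the six-month HSTS threshold and both sample configs are assumptions constructed for illustration.

```python
import re
LEGACY = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # TLS 1.0/1.1: deprecated by RFC 8996
WEAK_WORDS = ("RC4", "3DES", "MD5", "NULL", "EXPORT", "ADH", "AECDH")  # heuristic list
MIN_HSTS = 15768000  # about six months; assumed audit threshold, tune to your policy
TOKEN = re.compile(r'"([^"]*)"|\'([^\']*)\'|(#[^\n]*)|([;{}])|([^\s;{}"\'#]+)')

def directives(conf):
    """Yield [name, arg, ...] per directive; quoted args may contain ';' or '#'."""
    cur = []
    for dq, sq, comment, punct, bare in TOKEN.findall(conf):
        if punct:  # ';' ends a directive; '{' and '}' discard a block header
            if punct == ";" and cur:
                yield cur
            cur = []
        elif not comment:
            cur.append(dq or sq or bare)

def audit(conf):
    """Return findings for the TLS directives in an nginx config snippet."""
    findings, hsts_seen = [], False
    for name, *args in directives(conf):
        if name == "ssl_protocols":
            findings += [f"legacy protocol enabled: {p}" for p in sorted(LEGACY & set(args))]
        elif name == "ssl_ciphers" and args:  # '!X' / '-X' remove suites, so skip them
            findings += [f"weak cipher selector: {s}" for s in args[0].split(":")
                         if s[:1] not in "!-" and any(w in s.upper() for w in WEAK_WORDS)]
        elif name == "add_header" and args and args[0].lower() == "strict-transport-security":
            hsts_seen = True
            age = re.search(r"max-age=(\d+)", args[1] if len(args) > 1 else "")
            if not age or int(age.group(1)) < MIN_HSTS:
                findings.append("HSTS max-age missing or below threshold")
            if "always" not in args[2:]:  # without it nginx omits the header on error codes
                findings.append("HSTS header not sent on error responses (no 'always')")
    if not hsts_seen:
        findings.append("no Strict-Transport-Security header")
    return findings

LEGACY_CONF = '''# constructed sample: legacy settings
ssl_protocols TLSv1.3 TLSv1.2 TLSv1.1 TLSv1;
ssl_ciphers ECDH+AESGCM:ECDH+AES256:RC4:!ADH:!MD5;
add_header Strict-Transport-Security "max-age=3600; includeSubDomains";
'''
HARDENED_CONF = '''# constructed sample: hardened settings
ssl_protocols TLSv1.3 TLSv1.2;
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DHE+AES128:!ADH:!AECDH:!MD5;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
'''
if __name__ == "__main__":
    print(audit(LEGACY_CONF), audit(HARDENED_CONF))
```

Passing the text printed by `nginx -T` to `audit()` checks the expanded configuration with includes resolved. The check is flat: it does not model which `server` block a directive applies to.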
Author Linfeng
LastMod 2023-09-01