Enable ssl with letsencrypt
Let’s Encrypt is a free, automated, and open CA (Certificate Authority) and let's make use of it to enable ssl access to web application serviced by nginx.
Download certbot tool
$ wget https://dl.eff.org/certbot-auto
$ chmod a+x certbot-auto
$ ./certbox-auto
Get certificate for your domain name
$ ./certbot-auto certonly --nginx -d <domain.name>
Find and verify that privkey.pem and fullchain.pem exists
/etc/letsencrypt/live/<domain.name>/privkey.pem
/etc/letsencrypt/live/<domain.name>/fullchain.pem
Config on nginx
server {
listen 80;
listen 443 ssl;
server_name domain.name;
ssl_certificate /etc/letsencrypt/live/domain.name/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain.name/privkey.pem;
location / {
proxy_pass http://0.0.0.0:8080;
include /etc/nginx/proxy_params;
}
}
Renew or update certificate
./certbot-auto renew
References