使用 letsencrypt 啟用 SSL

Jan 22, 2017

Let’s Encrypt 是一個免費、自動化、開放的 CA（憑證授權單位），讓我們利用它來啟用對 nginx 服務的 Web 應用程式的 SSL 存取。

Download certbot tool

$ wget https://dl.eff.org/certbot-auto
$ chmod a+x certbot-auto
$ ./certbox-auto

Get certificate for your domain name

$ ./certbot-auto certonly --nginx -d <domain.name>

Find and verify that privkey.pem and fullchain.pem exists

/etc/letsencrypt/live/<domain.name>/privkey.pem
/etc/letsencrypt/live/<domain.name>/fullchain.pem

Config on nginx

server {
    listen   80;
    listen   443 ssl;
    server_name  domain.name;
    ssl_certificate  /etc/letsencrypt/live/domain.name/fullchain.pem;
    ssl_certificate_key  /etc/letsencrypt/live/domain.name/privkey.pem;
    location / {
        proxy_pass http://0.0.0.0:8080;
        include /etc/nginx/proxy_params;
    }
}

Renew or update certificate

./certbot-auto renew

參考文獻

• Nginx SSL Certificate Errors
• Configuring HTTPS servers
• Certbot

ssl