Setup free SSL with Let’s Encrypt and Nginx

If you search Google for “free SSL”, there are many companies provide you a free trial SSL for only 90 days or less. After that, you will have to pay.

Now, thanks to Let’s Encrypt. It’s no longer needed.
You can claim your own SSL certificate for free!

In this post, I will show you how to create your own free SSL certificate with
Let’s Encrypt and setup it with nginx.

 1. Install Let’s Encrypt

It’s recommended to run Let’s Encrypt on Linux.

The setup process is very simple, just clone it from Github:

git clone 

Then, navigate to letsencrypt folder and start the program to automatically setup everything.

cd letsencrypt ./letsencrypt-auto

Run this command to create your SSL certificate:

./letsencrypt-auto certonly --standalone --email admin@yourdomain.com -d yourdomain.com -d 

Don’t forget to replace yourdomain.com as your own domain address.

Your certificate now available in /etc/letsencrypt/live/yourdomain.com

 3. Setup nginx to use created certificate

Now, use your favorite editor and open /etc/nginx/sites-available/default file,
add the config below right after your port 80 config:

server {  
    listen 443;
    server_name localhost;
    root html;
    index index.html index.htm;
    ssl on;
    ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;
    ssl_session_timeout 1d;
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA";
    ssl_prefer_server_ciphers on;
    ssl_trusted_certificate /etc/letsencrypt/live/yourdomain.com/chain.pem;
    location / {
        try_files $uri $uri/ =404;
    }
}

 4. Finish

Now you can save the file and restart nginx to see the result:

service nginx stop service nginx start
 
2
Kudos
 
2
Kudos

Now read this

Creating virtual dev environment with xhyve

xhyve is the awesome lightweight virtual machine for Mac OS X. In this post, I will show you how to have the same target as Vagrant with xhyve. At the end of this post, we will have the virtual environment which synced with the host OS’s... Continue →

Subscribe to The Full Snack Developer

Don’t worry; we hate spam with a passion.
You can unsubscribe with one click.

S9LXLa7CrucYvIzThg7