Start HTTPS with Let's Encrypt

Reference document:

You can configure it step by step.

  1. Install certbot

    apt-get update
    apt-get install software-properties-common
    add-apt-repository universe
    add-apt-repository ppa:certbot/certbot
    apt-get update
    apt-get install certbot

  2. Generate the SSL/TLS certificate files (the webroot method answers the ACME challenge from the directory given with -w)

    certbot certonly --webroot -w /var/www/html -d example.com --email [email protected]

  3. The certificate files are then in /etc/letsencrypt/live/example.com/

  4. Modify the nginx config

    # Session
    ssl_session_cache shared:SSL:32m;
    ssl_session_timeout 1d;

    # HSTS
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

    # Forward Secrecy
    ssl_protocols TLSv1.3 TLSv1.2 TLSv1.1 TLSv1;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DHE+AES128:!ADH:!AECDH:!MD5;

  5. Then modify the host config file (point ssl_certificate and ssl_certificate_key at the files from step 3) and reload nginx

  6. Now you can visit your website over HTTPS

  7. When the certificate file has expired, you can run certbot renew to update it

  8. In addition, you can visit https://www.ssllabs.com/ssltest/ to test your website's SSL/TLS config
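The following shell script is an added example and is not part of the original post. It ties steps 3 to 5 together: it renders a complete nginx server block for example.com that points at the certbot file layout from step 3 (fullchain.pem and privkey.pem are the names certbot writes), keeps the ACME webroot path from step 2 served so later renewals keep working, redirects plain HTTP to HTTPS, and narrows the protocol list to TLS 1.2 and 1.3, since TLS 1.0 and 1.1 were deprecated by RFC 8996 and lower the grade on the SSL Labs test in step 8. The helper protocols_are_modern flags a config snippet that still enables TLSv1 or TLSv1.1, such as the ssl_protocols line in step 4. The domain, webroot and output path are assumptions; adjust them for your host.

```shell
#!/bin/sh
# Added example (not the original post's code): render a hardened nginx HTTPS
# server block for a Let's Encrypt certificate and check a snippet for
# deprecated TLS versions.
# Assumptions: domain example.com, webroot /var/www/html (as in step 2),
# certbot live directory /etc/letsencrypt/live/example.com (as in step 3).
set -eu

DOMAIN="${DOMAIN:-example.com}"
WEBROOT="${WEBROOT:-/var/www/html}"
LIVE_DIR="/etc/letsencrypt/live/$DOMAIN"

# Print the nginx server blocks on stdout.
render_https_server() {
cat <<EOF
server {
    listen 443 ssl http2;
    server_name $DOMAIN;
    root $WEBROOT;

    # Chain and private key as written by certbot in step 3
    ssl_certificate     $LIVE_DIR/fullchain.pem;
    ssl_certificate_key $LIVE_DIR/privkey.pem;

    # Session
    ssl_session_cache shared:SSL:32m;
    ssl_session_timeout 1d;
    ssl_session_tickets off;

    # HSTS
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

    # Only TLS 1.2 and 1.3 (TLS 1.0/1.1 deprecated by RFC 8996); AEAD, ECDHE-only suites
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers off;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
}

server {
    listen 80;
    server_name $DOMAIN;

    # Keep the ACME challenge path served over HTTP so certbot renew keeps working
    location /.well-known/acme-challenge/ {
        root $WEBROOT;
    }

    # Everything else goes to HTTPS
    location / {
        return 301 https://\$host\$request_uri;
    }
}
EOF
}

# Return 0 when every uncommented ssl_protocols line lists only TLSv1.2/TLSv1.3,
# 1 when one of them still enables TLSv1 or TLSv1.1 (the post's step 4 line does).
protocols_are_modern() {
  if printf '%s\n' "$1" \
       | grep -E '^[[:space:]]*ssl_protocols' \
       | grep -Eq '(^|[[:space:]])TLSv1(\.1)?([[:space:];]|$)'; then
    return 1
  fi
  return 0
}

# Usage: sh gen-https.sh render > /etc/nginx/sites-available/example.com
if [ "${1:-}" = "render" ]; then
  render_https_server
fi
```

After writing the file, enable it and run nginx -t before systemctl reload nginx, then re-run the SSL Labs test from step 8 to confirm the grade. For step 7, do not wait for expiry: Let's Encrypt certificates are valid for 90 days, and certbot's --deploy-hook option runs a command only when a certificate was actually renewed, so a cron job or systemd timer running certbot renew --deploy-hook 'systemctl reload nginx' renews ahead of time and reloads nginx without manual steps.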