Free HTTPS/SSL certificate for your site

This awesome thing made my blog moved to https with A+ rating. There are few steps to patch nginx.

The very first thing is to install certbot for your system, check this. I did this with flag «--manual».


certbot certonly --manual

I also created secure Diffie-Hellman group with the following:


openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

Finally added few strings to my nginx site.


server {
  listen 443 ssl;
  listen [::]:443 ssl;
  server_name example.com

  ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_prefer_server_ciphers on;
  ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
  ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
  ssl_session_cache shared:SSL:10m;
  ssl_session_tickets off; # Requires nginx >= 1.5.9
  ssl_stapling on; # Requires nginx >= 1.3.7
  ssl_stapling_verify on; # Requires nginx => 1.3.7
  resolver 77.88.55.80 5.255.255.80 valid=300s;
  resolver_timeout 5s;
  add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
  add_header X-Frame-Options DENY;
  add_header X-Content-Type-Options nosniff;

  ssl_dhparam /etc/ssl/certs/dhparam.pem;
}

By reloading nginx we can go ahead and check out https. 301 redirects HTTP → HTTPS are the rest to polish overall configuration! That's it!

Free HTTPS/SSL certificate for your site

Check it out here.


In short, this is about:
#https
#ssl

Start discussion:
Related articles:
107 how to renew certbot let s encrypt for rails app with capistrano preview
Let's Encrypt is free SSL certificate. Running rails app it is not obvious how to renew such cert. Here is the user guide. ... more