Free HTTPS/SSL certificate for your site

This awesome thing moved my blog to HTTPS with an A+ rating. There are a few steps to patch nginx.

The very first thing is to install certbot for your system; check this. I did this with the «--manual» flag.

certbot certonly --manual

I also created a secure Diffie-Hellman group with the following:

openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

Finally, I added a few lines to my nginx site configuration.

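server {
  listen 443 ssl;
  listen [::]:443 ssl;

  # Certificate chain and private key issued by certbot (paths are truncated here)
  ssl_certificate /etc/letsencrypt/live/;
  ssl_certificate_key /etc/letsencrypt/live/;

  # TLSv1 and TLSv1.1 are deprecated (RFC 8996); keep them only if legacy clients need them
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_prefer_server_ciphers on;
  ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
  ssl_session_cache shared:SSL:10m;
  ssl_session_tickets off; # Requires nginx >= 1.5.9
  ssl_stapling on; # Requires nginx >= 1.3.7
  ssl_stapling_verify on; # Requires nginx >= 1.3.7
  # resolver needs at least one DNS server address before valid= (missing here)
  resolver valid=300s;
  resolver_timeout 5s;
  # HSTS plus clickjacking and MIME-sniffing protection
  add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
  add_header X-Frame-Options DENY;
  add_header X-Content-Type-Options nosniff;

  # Custom Diffie-Hellman group generated with openssl dhparam above
  ssl_dhparam /etc/ssl/certs/dhparam.pem;
}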

After reloading nginx, we can go ahead and check out HTTPS. All that remains to polish the overall configuration is a 301 redirect from HTTP to HTTPS. That's it!
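
A small checker for the settings in the server block above, as an added example that is not part of the original post: it flags deprecated protocol versions, a resolver line with no address while stapling is on, and an HSTS header that is missing, short-lived or not marked always. The sample config, the example.test path and the one-year HSTS floor are assumptions made for the example.

```python
import re

# Constructed sample modelled on the post's server block; example.test is a placeholder.
SAMPLE = '''
server {
  listen 443 ssl;
  ssl_certificate /etc/letsencrypt/live/example.test/fullchain.pem;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_stapling on; # Requires nginx >= 1.3.7
  resolver valid=300s;
  add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
}
'''

DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # TLS 1.0/1.1: RFC 8996
MIN_HSTS = 31536000  # one year in seconds; threshold assumed for this example

def directives(conf):
    """Map directive name -> list of argument strings ('name args;' lines only)."""
    found = {}
    for line in conf.splitlines():
        line = re.sub(r"\s#.*$", "", line).strip()  # naive: assumes no '#' inside quotes
        m = re.match(r"([a-z_]+)\s+(.*);$", line)
        if m:
            found.setdefault(m.group(1), []).append(m.group(2))
    return found

def audit(conf):
    """Return a list of finding strings for one server block."""
    d, findings = directives(conf), []
    old = DEPRECATED & set(" ".join(d.get("ssl_protocols", [])).split())
    if old:
        findings.append("deprecated protocols: " + " ".join(sorted(old)))
    if "on" in d.get("ssl_stapling", []):
        # resolver needs at least one address; key=value tokens are options only
        addrs = [t for r in d.get("resolver", []) for t in r.split() if "=" not in t]
        if not addrs:
            findings.append("ssl_stapling on but resolver has no address")
    hsts = [a for a in d.get("add_header", []) if a.startswith("Strict-Transport-Security")]
    m = re.search(r"max-age=(\d+)", hsts[0]) if hsts else None
    if not m or int(m.group(1)) < MIN_HSTS:
        findings.append("HSTS header missing or max-age under one year")
    elif not hsts[0].rstrip().endswith("always"):
        findings.append("HSTS header lacks 'always' (not sent on error responses)")
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print("WARN", f)
```

Running nginx -t before the reload still catches syntax errors; this checker only looks at the policy choices nginx itself accepts.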
