Apply for a #LetsEncrypt #SSL cert for an #NGINX server

Self-signed certs suck. They aren’t secure, and throw nasty security error messages when people access your website.

Let’s Encrypt offers real, verifiable SSL certs that give you that nice padlock in the URL and, most importantly, they are perfectly secure. So, if you have NGINX running on Linux, here is how you get an SSL cert and apply it to your server.

Step 1 is to install the getssl tool, which you can do as follows:

curl --silent https://raw.githubusercontent.com/srvrco/getssl/master/getssl > getssl ; chmod 700 getssl

Step 2 is to create a config file for the domain:

./getssl -c domain.com

Edit the config file using the pico editor (or another editor):

pico .getssl/domain.com/getssl.cfg

Make the following changes:


Uncomment CA="https://acme-v02.api.letsencrypt.org"
Edit the ACL line to say:
ACL=('/home/wwwroot/.well-known/acme-challenge')

Uncommenting the line CA="https://acme-v02.api.letsencrypt.org" means that you are using the live API, not the sandbox (Fake LE Intermediate and Root X1) CA.

The ACL must point to the .well-known/acme-challenge folder under the location on disk where the root of your website is.

Then create the acme-challenge folder as follows:

cd /home/wwwroot
mkdir .well-known
cd .well-known/
mkdir acme-challenge

Then apply for the cert as follows:

sudo ./getssl -d domain.com

Assuming that step ran to completion, copy the retrieved cert and key to the nginx folder:

cd .getssl
cd domain.com/

sudo cp *.crt /etc/nginx/
sudo cp *.key /etc/nginx/

sudo nginx -s reload

The NGINX config should resemble the following:

server {

    # "ssl" on the listen directive replaces the obsolete "ssl on;"
    listen 443 ssl;

    ssl_certificate           /etc/nginx/domain.crt;
    ssl_certificate_key       /etc/nginx/domain.key;

    ssl_session_cache  builtin:1000  shared:SSL:10m;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996); offer 1.2 and 1.3 only
    ssl_protocols  TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;

    access_log            /var/log/nginx/domain.access.log;
    location / {
       ...
    }
}
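
A quick lint for the TLS directives of a server block, given here as an added example that is not part of the original post: it flags "ssl on;", a port 443 listener without the ssl parameter, and protocol versions below TLS 1.2. The function names and both sample configs are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): lint NGINX TLS directives.
# Reads config from the named files or stdin, prints one finding per line,
# and returns 1 if anything was flagged, 0 if the config is clean.
audit_nginx_tls() {
    awk '
        { sub(/#.*/, "") }    # strip comments before matching
        /^[ \t]*ssl[ \t]+on[ \t]*;/ {
            print "ssl-on: obsolete directive, use \"listen 443 ssl;\""; bad = 1 }
        /^[ \t]*listen[ \t]/ && /(^|[^0-9])443([^0-9]|$)/ && !/[ \t]ssl[ \t;]/ {
            print "listen-no-ssl: port 443 listener has no ssl parameter"; bad = 1 }
        /^[ \t]*ssl_protocols[ \t]/ {
            n = split($0, w, /[ \t;]+/)
            for (i = 1; i <= n; i++)
                if (w[i] == "SSLv3" || w[i] == "TLSv1" || w[i] == "TLSv1.1") {
                    print "old-protocol: " w[i] " is enabled"; bad = 1 }
        }
        END { exit (bad ? 1 : 0) }
    ' "$@"
}

# Constructed sample: a server block with the legacy TLS directives.
sample_weak() {
    cat <<'EOF'
server {
    listen 443;
    ssl on;
    ssl_session_cache  builtin:1000  shared:SSL:10m;
    ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;   # legacy versions still offered
}
EOF
}

# Constructed sample: the same block with the corrected directives.
sample_fixed() {
    cat <<'EOF'
server {
    listen 443 ssl;
    ssl_session_cache  builtin:1000  shared:SSL:10m;
    ssl_protocols  TLSv1.2 TLSv1.3;
}
EOF
}

echo "== weak ==";  sample_weak  | audit_nginx_tls || true
echo "== fixed =="; sample_fixed | audit_nginx_tls && echo "no findings"
```

Against a real server, pass the config file path as the argument, and run nginx -t before the reload so a syntax error does not take the site down.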