Set up an HTTPS server via an ACME shell script on nginx

These are the detailed steps I followed to set up an HTTPS server for https://git.errong.win.
You can use them as a guide.

acme.sh

acme.sh is probably the easiest and smartest shell script to automatically issue and renew free certificates from Let's Encrypt.
Install the shell script by following its guide.

http server nginx conf

First, set up an HTTP server with nginx.
After installing nginx, the simplest way to set up an HTTP server is to add a conf file under the /etc/nginx/sites-enabled/ folder.
cat /etc/nginx/sites-enabled/git.errong.com.conf
server {
    listen       80;
    listen       [::]:80;
    server_name  git.errong.win;

    location / {
        # Directory later passed to acme.sh as --webroot
        root   /home/errong_leng/www/git;
        index  index.html index.htm;
    }
}
Reload nginx with: sudo nginx -s reload

issue free certificates

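The --webroot directory must be the one nginx serves for this domain, because acme.sh writes the validation file under .well-known/acme-challenge/ inside it.
sudo acme.sh --issue --home /etc/letsencrypt --domain git.errong.win --webroot /home/errong_leng/www/git --reloadcmd "nginx -s reload" --accountemail errong.leng@gmail.com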
[Wed Jun 13 01:51:07 UTC 2018] Single domain='git.errong.win'
[Wed Jun 13 01:51:07 UTC 2018] Getting domain auth token for each domain
[Wed Jun 13 01:51:07 UTC 2018] Getting webroot for domain='git.errong.win'
[Wed Jun 13 01:51:07 UTC 2018] Getting new-authz for domain='git.errong.win'
[Wed Jun 13 01:51:08 UTC 2018] The new-authz request is ok.
[Wed Jun 13 01:51:08 UTC 2018] Verifying:git.errong.win
[Wed Jun 13 01:51:11 UTC 2018] Success
[Wed Jun 13 01:51:11 UTC 2018] Verify finished, start to sign.
[Wed Jun 13 01:51:12 UTC 2018] Cert success.

[Wed Jun 13 01:51:12 UTC 2018] Your cert is in  /etc/letsencrypt/git.errong.win/git.errong.win.cer 
[Wed Jun 13 01:51:12 UTC 2018] Your cert key is in  /etc/letsencrypt/git.errong.win/git.errong.win.key 
[Wed Jun 13 01:51:12 UTC 2018] The intermediate CA cert is in  /etc/letsencrypt/git.errong.win/ca.cer 
[Wed Jun 13 01:51:12 UTC 2018] And the full chain certs is there:  /etc/letsencrypt/git.errong.win/fullchain.cer 
[Wed Jun 13 01:51:12 UTC 2018] Run reload cmd: nginx -s reload
[Wed Jun 13 01:51:12 UTC 2018] Reload success
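OK, we now have the SSL certificate and key. nginx needs these two directives to use them:
ssl_certificate /etc/letsencrypt/git.errong.win/fullchain.cer;
ssl_certificate_key /etc/letsencrypt/git.errong.win/git.errong.win.key;

https server nginx conf

Add them to the HTTPS server block:
cat /etc/nginx/sites-enabled/git.errong.win-ssl.conf
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name git.errong.win;

    # Certificate chain and private key issued by acme.sh above
    ssl_certificate /etc/letsencrypt/git.errong.win/fullchain.cer;
    ssl_certificate_key /etc/letsencrypt/git.errong.win/git.errong.win.key;

    location / {
        root   html;
        index  index.html index.htm;
    }
}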
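
Before reloading, it helps to confirm that the private key matches the certificate, that the certificate covers the server_name, that it is not about to expire, and that the key file is not readable by other users. The script below is an added example, not part of the original post or of acme.sh; it assumes openssl is installed, and the function names check_cert_pair and make_sample and the sample file names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): check a cert/key pair before
# running "nginx -s reload". Function names here are hypothetical helpers.

# check_cert_pair DOMAIN FULLCHAIN KEY [MIN_DAYS]
# Returns 0 = ok, 1 = key does not match cert, 2 = cert does not cover DOMAIN,
#         3 = cert expires within MIN_DAYS, 4 = key readable by group/others.
check_cert_pair() {
    domain=$1; chain=$2; key=$3; min_days=${4:-7}

    # Private key must be owner-only: chars 5-10 of "ls -l" are group+other bits.
    [ "$(ls -ld "$key" | cut -c5-10)" = "------" ] || return 4

    # The leaf certificate comes first in fullchain.cer; its public key must
    # equal the public key derived from the private key.
    cert_pub=$(openssl x509 -in "$chain" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ] || return 1

    # The certificate must be valid for the nginx server_name.
    openssl x509 -in "$chain" -noout -checkhost "$domain" \
        | grep -q "does match certificate" || return 2

    # -checkend exits non-zero if the cert expires within the given seconds.
    openssl x509 -in "$chain" -noout -checkend $((min_days * 86400)) \
        >/dev/null || return 3
    return 0
}

# make_sample DIR DOMAIN: constructed 30-day self-signed pair, for testing only.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=$2" -addext "subjectAltName=DNS:$2" \
        -keyout "$1/sample.key" -out "$1/fullchain.cer" 2>/dev/null
    chmod 600 "$1/sample.key"
}

# Usage with the paths from this page:
#   d=/etc/letsencrypt/git.errong.win
#   check_cert_pair git.errong.win "$d/fullchain.cer" "$d/git.errong.win.key" \
#       && nginx -t && nginx -s reload
```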
 
Now everything is ready.
Just reload the nginx server.
You will find that http://git.errong.win and https://git.errong.win both work well now.
Reminder: replace the server name "git.errong.win" with your own.
