setup https server via An ACME Shell script on nginx

I will give every detail steps when I setup https server for https://git.errong.win.
You can refer as a guide.

acme.sh

acme.sh is probably the easiest & smartest shell script toautomatically issue & renew the free certificates from Let's Encrypt.
Install the shell script via guide

http server nginx conf

First, let's setup a http server first via nginx.
After you installed nginx, the simple way to setup a http server is to add a conf file under /etc/nginx/sites-enabled/ folder.
cat /etc/nginx/sites-enabled/git.errong.com.conf
server {
    listen       80;
    listen       [::]:80;
    server_name  git.errong.com;

    location / {
        root   html;
        index  index.html index.htm;
    }
}
Reload nginx via sudo nginx -s reload

issue free certificates

sudo acme.sh --issue --home /etc/letsencrypt --domain example.com --webroot /home/errong_leng/www/git --reloadcmd "nginx -s reload" --accountemail errong.leng@gmail.com
[Wed Jun 13 01:51:07 UTC 2018] Single domain='git.errong.win'
[Wed Jun 13 01:51:07 UTC 2018] Getting domain auth token for each domain
server {
[Wed Jun 13 01:51:07 UTC 2018] Getting webroot for domain='git.errong.win'
[Wed Jun 13 01:51:07 UTC 2018] Getting new-authz for domain='git.errong.win'
[Wed Jun 13 01:51:08 UTC 2018] The new-authz request is ok.
[Wed Jun 13 01:51:08 UTC 2018] Verifying:git.errong.win
[Wed Jun 13 01:51:11 UTC 2018] Success
[Wed Jun 13 01:51:11 UTC 2018] Verify finished, start to sign.
[Wed Jun 13 01:51:12 UTC 2018] Cert success.

[Wed Jun 13 01:51:12 UTC 2018] Your cert is in  /etc/letsencrypt/git.errong.win/git.errong.win.cer 
[Wed Jun 13 01:51:12 UTC 2018] Your cert key is in  /etc/letsencrypt/git.errong.win/git.errong.win.key 
[Wed Jun 13 01:51:12 UTC 2018] The intermediate CA cert is in  /etc/letsencrypt/git.errong.win/ca.cer 
[Wed Jun 13 01:51:12 UTC 2018] And the full chain certs is there:  /etc/letsencrypt/git.errong.win/fullchain.cer 
[Wed Jun 13 01:51:12 UTC 2018] Run reload cmd: nginx -s reload
[Wed Jun 13 01:51:12 UTC 2018] Reload success
Ok. We have ssl certificates now.
ssl_certificate /etc/letsencrypt/git.errong.win/fullchain.cer; 
ssl_certificate_key /etc/letsencrypt/git.errong.win/git.errong.win.key;

https server nginx conf

cat /etc/nginx/sites-enabled/git.errong.win-ssl.conf
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name git.errong.win;
    location / {
        root   html;
        index  index.html index.htm;
    }
}
 
Now. everything is ready.
Just reload nginx server.
You will find http://git.errong.win and https://git.errong.win work welll now.
Remind :
please replace the server name "git.errong.win" to yours.

Comments

Post a Comment

Popular posts from this blog

react-native run-android : do not build/update modified code(App.js)

Solution react-native bundle --platform android --dev false --entry-file index.js --bundle-output android/app/src/main/assets/index.android.bundle --assets-dest android/app/src/main/res c:\Users\lenger\Desktop\webrowser>react-native bundle --platform android --dev false --entry-file index.js --bundle-output android/app/src/main/assets/index.android.bundle --assets-dest android/app/src/main/res Scanning folders for symlinks in c:\Users\lenger\Desktop\webrowser\node_modules (43ms) Scanning folders for symlinks in c:\Users\lenger\Desktop\webrowser\node_modules (38ms) Loading dependency graph, done. bundle: start bundle: finish bundle: Writing bundle output to: android/app/src/main/assets/index.android.bundle bundle: Done writing bundle output Run react-native run-android again, you will find your modification work.
Read more

react-native run-android : sun.security.provider.cert path.SunCertPathBuilderException : unable to find valid certification path to req uested target

Image
F:\webrowser>react-native run-android Scanning folders for symlinks in F:\webrowser\node_modules (73ms) Starting JS server... Building and installing the app on the device (cd android && gradlew.bat install Debug)... Downloading https://services.gradle.org/distributions/gradle-4.1-all.zip Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.val idator.ValidatorException: PKIX path building failed: sun.security.provider.cert path.SunCertPathBuilderException: unable to find valid certification path to req uested target at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker. java:1514) at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.jav a:216) at s
Read more

How to fix error : no module named sendgrid when try to use sendgrid python lib in PHP.

Image
"no module named sendgrid" error reported with below codes: <?php system("/usr/bin/python sendmail.py 2>&1"); system("/usr/bin/python --version 2>&1", $ret); ?> sendmail.py import sendgrid import os from sendgrid.helpers.mail import * sg = sendgrid.SendGridAPIClient( apikey = os.environ.get( ' SENDGRID_API_KEY ' )) from_email = Email( " test@example.com " ) to_email = Email( " test@example.com " ) subject = " Sending with SendGrid is Fun " content = Content( " text/plain " , " and easy to do anywhere, even with Python " ) mail = Mail(from_email, subject, to_email, content) response = sg.client.mail.send.post( request_body = mail.get()) print (response.status_code) print (response.body) print (response.headers) ....
Read more