I will give every detail steps when I setup https server for https://git.errong.win.
You can refer as a guide.
Install the shell script via guide
After you installed nginx, the simple way to setup a http server is to add a conf file under /etc/nginx/sites-enabled/ folder.
Just reload nginx server.
You will find http://git.errong.win and https://git.errong.win work welll now.
Remind :
please replace the server name "git.errong.win" to yours.
You can refer as a guide.
acme.sh
acme.sh is probably the easiest & smartest shell script toautomatically issue & renew the free certificates from Let's Encrypt.Install the shell script via guide
http server nginx conf
First, let's setup a http server first via nginx.After you installed nginx, the simple way to setup a http server is to add a conf file under /etc/nginx/sites-enabled/ folder.
cat /etc/nginx/sites-enabled/git.errong.com.conf
server {
listen 80;
listen [::]:80;
server_name git.errong.com;
location / {
root html;
index index.html index.htm;
}
}
Reload nginx via sudo nginx -s reload
issue free certificates
sudo acme.sh --issue --home /etc/letsencrypt --domain example.com --webroot /home/errong_leng/www/git --reloadcmd "nginx -s reload" --accountemail errong.leng@gmail.com
[Wed Jun 13 01:51:07 UTC 2018] Single domain='git.errong.win'
[Wed Jun 13 01:51:07 UTC 2018] Getting domain auth token for each domain
server {
[Wed Jun 13 01:51:07 UTC 2018] Getting webroot for domain='git.errong.win'
[Wed Jun 13 01:51:07 UTC 2018] Getting new-authz for domain='git.errong.win'
[Wed Jun 13 01:51:08 UTC 2018] The new-authz request is ok.
[Wed Jun 13 01:51:08 UTC 2018] Verifying:git.errong.win
[Wed Jun 13 01:51:11 UTC 2018] Success
[Wed Jun 13 01:51:11 UTC 2018] Verify finished, start to sign.
[Wed Jun 13 01:51:12 UTC 2018] Cert success.
[Wed Jun 13 01:51:12 UTC 2018] Your cert is in /etc/letsencrypt/git.errong.win/git.errong.win.cer
[Wed Jun 13 01:51:12 UTC 2018] Your cert key is in /etc/letsencrypt/git.errong.win/git.errong.win.key
[Wed Jun 13 01:51:12 UTC 2018] The intermediate CA cert is in /etc/letsencrypt/git.errong.win/ca.cer
[Wed Jun 13 01:51:12 UTC 2018] And the full chain certs is there: /etc/letsencrypt/git.errong.win/fullchain.cer
[Wed Jun 13 01:51:12 UTC 2018] Run reload cmd: nginx -s reload
[Wed Jun 13 01:51:12 UTC 2018] Reload success
Ok. We have ssl certificates now.ssl_certificate /etc/letsencrypt/git.errong.win/fullchain.cer;
ssl_certificate_key /etc/letsencrypt/git.errong.win/git.errong.win.key;
https server nginx conf
cat /etc/nginx/sites-enabled/git.errong.win-ssl.conf
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name git.errong.win;
location / {
root html;
index index.html index.htm;
}
}
Now. everything is ready.
Just reload nginx server.
You will find http://git.errong.win and https://git.errong.win work welll now.
Remind :
please replace the server name "git.errong.win" to yours.