Nginx: Difference between revisions
→TLS
imported>Sjwhitak (Pretty templates) |
imported>Sjwhitak (→TLS) |
Instead, we can use a free service such as [https://letsencrypt.org/ Let's Encrypt], [https://dehydrated.io/ Dehydrated], or [https://zerossl.com/ ZeroSSL]. Let's Encrypt is the most common and is straightforward to set up.
{{RootCmd|apt install certbot python3-certbot-nginx}}
Once certbot is installed, ensure your domain is pointed to the correct nginx server, then run:
{{RootCmd|certbot --nginx -d example.com -d ...}}
You can keep chaining <code>-d <domain></code> for each domain you have. <code>python3-certbot-nginx</code> will find the right nginx configuration to call, and <code>certbot</code> will make sure you've got rights to that domain. You can't just run certbot on google.com; you need to own the domain and the IP that domain is connected to. At this point, <code>python3-certbot-nginx</code> should have edited your nginx configuration to have certbot's certificate auto-configured. If you force https, you'll see:
<syntaxhighlight lang="nginx" line>
[https://letsencrypt.org/ Let's Encrypt] is simple. Just run <code>certbot renew</code> and it'll renew your certificate.
[https://letsencrypt.org/ Let's Encrypt]'s certificates are valid for 3 months, so you can renew every 3 months when the certificate expires. Or have a cron job do it for you! Type
{{RootCmd|crontab -e}}
and then add:
0 12 * * * /usr/bin/certbot renew --quiet
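
The cron job above runs unattended, so a renewal that keeps failing is easy to miss. The following check is an added example, not part of the original wiki page or of certbot itself: it reads the output of <code>certbot certificates</code> and lists certificates that are closer to expiry than a working renewal job would allow (certbot renews by default once fewer than 30 days remain). The function names, the 21-day threshold and the sample output are assumptions made for illustration.

```shell
#!/bin/sh
# stale_certs LIMIT_DAYS
# Reads `certbot certificates` output on stdin and prints "name days_left"
# for every certificate with fewer than LIMIT_DAYS of validity remaining.
# Certificates reported as INVALID (e.g. expired) are printed with -1.
stale_certs() {
    awk -v limit="$1" '
        /Certificate Name:/ { name = $3 }
        /Expiry Date:/ {
            if (match($0, /\(VALID: [0-9]+ day/)) {
                s = substr($0, RSTART, RLENGTH)
                gsub(/[^0-9]/, "", s)      # keep only the day count
                days = s + 0
            } else if ($0 ~ /\(VALID:/) {
                days = 0                   # less than a day left (hours)
            } else {
                days = -1                  # INVALID: expired, revoked, ...
            }
            if (days < limit) print name, days
        }'
}

# Constructed sample in the layout `certbot certificates` prints
# (domains, dates and paths are made up).
sample_certbot_output() {
    cat <<'EOF'
Found the following certs:
  Certificate Name: example.com
    Domains: example.com www.example.com
    Expiry Date: 2030-03-01 12:00:00+00:00 (VALID: 61 days)
    Certificate Path: /etc/letsencrypt/live/example.com/fullchain.pem
  Certificate Name: shop.example.com
    Domains: shop.example.com
    Expiry Date: 2030-01-12 12:00:00+00:00 (VALID: 12 days)
    Certificate Path: /etc/letsencrypt/live/shop.example.com/fullchain.pem
  Certificate Name: old.example.com
    Domains: old.example.com
    Expiry Date: 2029-12-01 12:00:00+00:00 (INVALID: EXPIRED)
    Certificate Path: /etc/letsencrypt/live/old.example.com/fullchain.pem
EOF
}

# Demo on the constructed sample. On a real host, run as root:
#   certbot certificates 2>/dev/null | stale_certs 21
sample_certbot_output | stale_certs 21
```

Any line of output means a certificate has passed the point where <code>certbot renew</code> should already have replaced it, so the renewal job or the domain validation needs a look.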