Nginx: Difference between revisions

Jump to navigation Jump to search
74 bytes removed ,  7 April 2022
imported>Sjwhitak
(Pretty templates)
imported>Sjwhitak
 
Instead, we can use a free service, [https://letsencrypt.org/ Let's Encrypt], [https://dehydrated.io/ Dehydrated], or [https://zerossl.com/ ZeroSSL]. Let's Encrypt is the most common, and is a straightforward set up.
{{RootCmd|apt install certbot python3-certbot-nginx}}
<syntaxhighlight lang="bash">
apt install certbot python3-certbot-nginx
</syntaxhighlight>
Once certbot is installed, ensure your domain is pointed to the correct nginx server, then run:
{{RootCmd|certbot --nginx -d example.com -d ...}}
<syntaxhighlight lang="bash">
certbot --nginx -d example.com -d ...
</syntaxhighlight>
Where you can keep chaining <code>-d <domain></code> for each domain you have. <code>python3-certbot-nginx</code> will find the right nginx configuration to call, and <code>certbot</code> will make sure you've got rights to that domain. You can't just run certbot on google.com, you need to own the domain and the IP that domain is connected to. At this point, <code>python3-certbot-nginx</code> should have edited your nginx configuration to have certbot's certificate auto-configured. If you force https, you'll see:
<syntaxhighlight lang="nginx" line>
[https://letsencrypt.org/ Let's Encrypt] is simple. Just run <code>certbot renew</code> and it'll renew your certificate.
 
[https://letsencrypt.org/ Let's Encrypt]'s certificates are valid for 3 months, so you can update this every 3 months when it expires. Or, have a cronjob do it for you! Type <code>crontab -e</code> and then add:
{{RootCmd|crontab -e}}
and then add:
 
0 12 * * * /usr/bin/certbot renew --quiet
Anonymous user

Navigation menu