Setting up letsencrypt with nginx

Install certbot

Manual installation

Add backports to the apt repositories by writing the following line to /etc/apt/sources.list.d/backports.list:

echo 'deb http://ftp.debian.org/debian jessie-backports main' > /etc/apt/sources.list.d/backports.list

Then update the apt repositories and install certbot from backports:

apt update
apt-get install certbot -t jessie-backports

Using Ansible playbook

- name: configure backports apt repository
  apt_repository:
    filename: backports
    repo: "deb http://http.debian.net/debian jessie-backports main"
    update_cache: yes
  tags:
    - apt
    - backports

- name: Install certbot
  apt:
    name: certbot
    update_cache: yes
    default_release: jessie-backports
    state: latest

Setting up nginx to serve .well-known verification requests

Create the letsencrypt folder:

mkdir -p /var/www/letsencrypt

Add these lines inside your server block:

server {
    location /.well-known/acme-challenge/ {
        allow all;
        root /var/www/letsencrypt;
        try_files $uri =404;
        break;
    }
}

Request your certificate

certbot certonly --webroot -w /var/www/letsencrypt/ -d your-domain.com --renew-by-default

Add your SSL configuration to nginx

server {
    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/your-domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/your-domain.com/privkey.pem;

    server_name your-domain.com;

    location / {
        # your location configuration as you usually do in listen 80 block
    }

    access_log /var/log/nginx/your-domain.com.access.log;
    error_log /var/log/nginx/your-domain.com.error.log;
}

(Optional) force http to be redirected to https

Add this line inside the server block that listens on port 80:

return 301 https://$server_name$request_uri;

Issues

failed (SSL: error:02001002:system library

Solution: It can be a permissions issue or a mistyped directory.
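
A check for both causes, as an added example that is not part of the original post: it reads the ssl_certificate and ssl_certificate_key paths from an nginx config file and reports any that are missing or unreadable. It also flags a private key that every user can read, which goes beyond the two causes named above. The function name check_cert_paths is hypothetical, and unquoted paths without spaces are assumed.

```shell
#!/bin/sh
# Added example: check the certificate files an nginx config refers to.
# check_cert_paths is a hypothetical helper name, not part of nginx or certbot.

check_cert_paths() {
    conf=$1
    [ -r "$conf" ] || { echo "CONFIG-UNREADABLE $conf"; return 2; }

    # Print "<directive> <path>" for each certificate directive, dropping the
    # trailing ";" whether or not a space precedes it. Comment lines are
    # skipped because their first field starts with "#".
    awk '$1 == "ssl_certificate" || $1 == "ssl_certificate_key" {
             sub(/;$/, "", $2); print $1, $2
         }' "$conf" | (
        rc=0
        while read -r directive path; do
            if [ ! -e "$path" ]; then
                # Mistyped directory or file name (or a dangling symlink).
                echo "MISSING $directive $path"; rc=1
            elif [ ! -r "$path" ]; then
                # The file exists, but the current user cannot read it.
                echo "UNREADABLE $directive $path"; rc=1
            elif [ "$directive" = "ssl_certificate_key" ] &&
                 [ "$(ls -ldL "$path" | cut -c8)" = "r" ]; then
                # Character 8 of the mode string is the "other" read bit;
                # -L follows the symlinks that certbot places under live/.
                echo "WORLD-READABLE $directive $path"; rc=1
            else
                echo "OK $directive $path"
            fi
        done
        exit "$rc"
    )
}

# Usage: sh check_cert_paths.sh <nginx-config-file>
if [ "$#" -gt 0 ]; then
    check_cert_paths "$1"
fi
```

Run it as the user that reads the certificate files when nginx starts, since readability depends on who is asking.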
