Josheli
  • Home
  • Blog
    • Knob
    • Running
    • Soccer
    • Technology
  • Projects
    • Overview
    • No Instagram
    • Google Photos WordPress Plugin
    • Plex Channels
    • Sh***y Game
    • Soccer In Colorado
    • Statrat
    • The Dot Game
    • Vox cPanel Hacks
    • WW Points Calculator
  • About
Knob , Technology

Installing Let’s Encrypt SSL on Nginx and WordPress

by dv December 19, 2015 No Comments

SSL/HTTPS on Nginx using Let's EncryptHere’s how I installed the free Let’s Encrypt SSL certificate on Nginx to use with this WordPress site. I used this helpful article and some docs from the Let’s Encrypt site to get this working. I’ll have to update the cert every 90 days until I get around to getting that automated.

Basically, the steps can be boiled down to the following:

  • Install the Let’s Encrypt client
  • Stop Nginx so that Let’s Encrypt can do stuff on port 80
  • Run the client
  • Answer some questions
  • Make sure the cert was created
  • Edit your server config to use the SSL cert
  • Restart Nginx

On the command line, that looks like:

git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt/
sudo service nginx stop
./letsencrypt-auto certonly
sudo ls -al /etc/letsencrypt/live/josheli.com
sudo nano /etc/nginx/sites-available/josheli.com
sudo service nginx restart

And here’s the configuration I use in the server block of my nginx config for this domain:

server {
...
listen 443 ssl;
...
ssl_certificate /etc/letsencrypt/live/josheli.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/josheli.com/privkey.pem;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_prefer_server_ciphers on;
...
}

#redirect to ssl
server {
listen 80;
server_name josheli.com;
rewrite ^/(.*) https://josheli.com/$1 permanent;
}

Once I get that auto update working, I’ll add ssl to all my sites. Won’t you trust me then?

Update

To renew the certificate:

$ sudo service nginx stop
$ ./letsencrypt-auto certonly -d josheli.com
$ sudo service nginx start

There are recipes to auto renew and to renew without having to restart nginx, but for now, this is what I do.

Related Content:

  • Setting up WordPress to use SSH for Updates by Dv December 18, 2015 Here's how I set up WordPress to seamlessly use SSH, rather than FTP, for updates. Using this method, I never…
  • Block Website Visitors by Country using GeoIP on Nginx by Dv January 4, 2016 These tech posts on how I did something are mostly just a diary of my own server maintenance, so that…
  • alert("Sarcasm!"); by Dv December 11, 2006 So it's been brought to my attention that the Dot Game is inferior and deficient because it was written in,…
  • A New, Old Hobby: Self-hosted Services by Dv February 21, 2021 I've recently returned to a hobby of mine ... self-hosting various software services and web applications on a server I…
  • Which ruby? by Dv February 26, 2011 Playing around with Ruby, Rails, RefineryCMS... anything installed? ~ $ which ruby nope, ok... ~ $ sudo apt-get install ruby…
It's only fair to share...Share on Facebook
Facebook
Tweet about this on Twitter
Twitter
Email this to someone
email
  • Previous Setting up WordPress to use SSH for Updates6 years ago
  • Next Come Run With Me6 years ago

Leave a Reply

Your email address will not be published. Required fields are marked *

Popular Posts

  • Josheli, What Happened? (19,721)
  • Install Ubuntu on HP Laptop with UEFI and new SSD Hard Drive (13,657)
  • Running a Plex Media Server on an Old Laptop (12,218)
  • More Janky Snowboarding Video (9,917)
  • Simple Google Photos: A WordPress Plugin (9,596)

Random Read

Three Saturdays
Jessica said "i want to read more blogs from you, so please get bloggin'." Uh…

Read More

Google Photo
Google Photo
Google Photo
Google Photo

Social Things

  • Family Photos
  • Juiskie’s Instagram
  • Scooter’s Facebook
  • Scooter’s Instagram
  • YouTube Videos
  • DV’s Github
  • Tweet Tweet

RSS From Familyvance

  • Snowshoeing at Brainard Lake
  • Fishing and Hiking at Golden Gate Canyon State Park
  • Rainbow Trout Fishing Report at Waneka Lake
  • Weightless Texas-Rig Plastic Worms at Sawhill Ponds and Coot Lake
  • Sawhill Ponds Fishing Report
2022 Josheli. Donna Theme powered by WordPress