Josheli
  • Home
  • Blog
    • Knob
    • Running
    • Soccer
    • Technology
  • Projects
    • Overview
    • No Instagram
    • Google Photos WordPress Plugin
    • Plex Channels
    • Sh***y Game
    • Soccer In Colorado
    • Statrat
    • The Dot Game
    • Vox cPanel Hacks
    • WW Points Calculator
  • About
Knob , Technology

Installing Let’s Encrypt SSL on Nginx and WordPress

by dv December 19, 2015 No Comments

SSL/HTTPS on Nginx using Let's EncryptHere’s how I installed the free Let’s Encrypt SSL certificate on Nginx to use with this WordPress site. I used this helpful article and some docs from the Let’s Encrypt site to get this working. I’ll have to update the cert every 90 days until I get around to getting that automated.

Basically, the steps can be boiled down to the following:

  • Install the Let’s Encrypt client
  • Stop Nginx so that Let’s Encrypt can do stuff on port 80
  • Run the client
  • Answer some questions
  • Make sure the cert was created
  • Edit your server config to use the SSL cert
  • Restart Nginx

On the command line, that looks like:

git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt/
sudo service nginx stop
./letsencrypt-auto certonly
sudo ls -al /etc/letsencrypt/live/josheli.com
sudo nano /etc/nginx/sites-available/josheli.com
sudo service nginx restart

And here’s the configuration I use in the server block of my nginx config for this domain:

server {
...
listen 443 ssl;
...
ssl_certificate /etc/letsencrypt/live/josheli.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/josheli.com/privkey.pem;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_prefer_server_ciphers on;
...
}

#redirect to ssl
server {
listen 80;
server_name josheli.com;
rewrite ^/(.*) https://josheli.com/$1 permanent;
}

Once I get that auto update working, I’ll add ssl to all my sites. Won’t you trust me then?

Update

To renew the certificate:

$ sudo service nginx stop
$ ./letsencrypt-auto certonly -d josheli.com
$ sudo service nginx start

There are recipes to auto renew and to renew without having to restart nginx, but for now, this is what I do.

Related Content:

  • Setting up WordPress to use SSH for Updates by Dv December 18, 2015 Here's how I set up WordPress to seamlessly use SSH, rather than FTP, for updates. Using this method, I never…
  • Block Website Visitors by Country using GeoIP on Nginx by Dv January 4, 2016 These tech posts on how I did something are mostly just a diary of my own server maintenance, so that…
  • alert("Sarcasm!"); by Dv December 11, 2006 So it's been brought to my attention that the Dot Game is inferior and deficient because it was written in,…
  • A New, Old Hobby: Self-hosted Services by Dv February 21, 2021 I've recently returned to a hobby of mine ... self-hosting various software services and web applications on a server I…
  • Which ruby? by Dv February 26, 2011 Playing around with Ruby, Rails, RefineryCMS... anything installed? ~ $ which ruby nope, ok... ~ $ sudo apt-get install ruby…
  • Previous Setting up WordPress to use SSH for Updates6 years ago
  • Next Come Run With Me6 years ago

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts

  • Josheli, What Happened? (15,909)
  • Install Ubuntu on HP Laptop with UEFI and new SSD Hard Drive (12,177)
  • Running a Plex Media Server on an Old Laptop (11,211)
  • More Janky Snowboarding Video (8,915)
  • Simple Google Photos: A WordPress Plugin (7,891)

Random Read

Taking Youth Soccer Too Seriously
Saw a tweet recently that read: "The worst thing about youth sports? Adults." My kid…

Read More

Google Photo
Google Photo
Google Photo
Google Photo

Social Things

  • Family Photos
  • Juiskie’s Instagram
  • Scooter’s Facebook
  • Scooter’s Instagram
  • YouTube Videos
  • DV’s Github
  • Tweet Tweet

RSS From Familyvance

  • Snowshoeing at Brainard Lake
  • Fishing and Hiking at Golden Gate Canyon State Park
  • Rainbow Trout Fishing Report at Waneka Lake
  • Weightless Texas-Rig Plastic Worms at Sawhill Ponds and Coot Lake
  • Sawhill Ponds Fishing Report
2021 Josheli. Donna Theme powered by WordPress