SSL Certificate
This page describes setting up an SSL Certificate on nginx
SSL Certificate request and installation
Usually certificate requesting and installation can be a cumbersome task, but a new initiative by ISRG has made this very easy:
- Download the tool on the server:
$ git clone https://github.com/letsencrypt/letsencrypt
- Stop nginx, so that the tool can utilize port 80/443
- Run the tool like this, if the server is sc40:
$ ./letsencrypt-auto certonly --standalone -d sc40.scandiatransplant.org - (OR root@sc37:/home/sctp/letsencrypt$ letsencrypt-auto renew)
- Verify that the nginx config-file, /etc/nginx/sites-enabled/default, references the new generated keys:ssl_certificate /etc/letsencrypt/archive/sc40.scandiatransplant.org/fullchain*.pem;ssl_certificate_key /etc/letsencrypt/archive/sc40.scandiatransplant.org/privkey*.pem;
SSL Certificate update by cron
Is one of the few things done by cron of root by means of a script /root/bin/letsencrypt_renew.sh on both sc37 and sc40. This is processed weekly and renews certificates which expires within 14 days.