Set up an HTTPS server on nginx via an ACME shell script

I will give the detailed steps I followed when setting up the HTTPS server for https://git.errong.win.
You can use them as a guide.

acme.sh

acme.sh is probably the easiest and smartest shell script to automatically issue and renew free certificates from Let's Encrypt.
Install the shell script by following its guide.

http server nginx conf

First, let's set up an HTTP server with nginx.
After you have installed nginx, the simplest way to set up an HTTP server is to add a conf file under the /etc/nginx/sites-enabled/ folder.

cat /etc/nginx/sites-enabled/git.errong.win.conf
server {
    listen       80;
    listen       [::]:80;
    server_name  git.errong.win;

    location / {
        root   html;
        index  index.html index.htm;
    }
}

Reload nginx with: sudo nginx -s reload

issue free certificates

sudo acme.sh --issue --home /etc/letsencrypt --domain git.errong.win --webroot /home/errong_leng/www/git --reloadcmd "nginx -s reload" --accountemail errong.leng@gmail.com
[Wed Jun 13 01:51:07 UTC 2018] Single domain='git.errong.win'
[Wed Jun 13 01:51:07 UTC 2018] Getting domain auth token for each domain
[Wed Jun 13 01:51:07 UTC 2018] Getting webroot for domain='git.errong.win'
[Wed Jun 13 01:51:07 UTC 2018] Getting new-authz for domain='git.errong.win'
[Wed Jun 13 01:51:08 UTC 2018] The new-authz request is ok.
[Wed Jun 13 01:51:08 UTC 2018] Verifying:git.errong.win
[Wed Jun 13 01:51:11 UTC 2018] Success
[Wed Jun 13 01:51:11 UTC 2018] Verify finished, start to sign.
[Wed Jun 13 01:51:12 UTC 2018] Cert success.

[Wed Jun 13 01:51:12 UTC 2018] Your cert is in  /etc/letsencrypt/git.errong.win/git.errong.win.cer 
[Wed Jun 13 01:51:12 UTC 2018] Your cert key is in  /etc/letsencrypt/git.errong.win/git.errong.win.key 
[Wed Jun 13 01:51:12 UTC 2018] The intermediate CA cert is in  /etc/letsencrypt/git.errong.win/ca.cer 
[Wed Jun 13 01:51:12 UTC 2018] And the full chain certs is there:  /etc/letsencrypt/git.errong.win/fullchain.cer 
[Wed Jun 13 01:51:12 UTC 2018] Run reload cmd: nginx -s reload
[Wed Jun 13 01:51:12 UTC 2018] Reload success

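OK, we have the SSL certificate and key now. Point nginx at them with these two directives, which belong inside the HTTPS server block:

ssl_certificate /etc/letsencrypt/git.errong.win/fullchain.cer;
ssl_certificate_key /etc/letsencrypt/git.errong.win/git.errong.win.key;

https server nginx conf

cat /etc/nginx/sites-enabled/git.errong.win-ssl.conf
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name git.errong.win;

    # Full chain and private key issued by acme.sh above
    ssl_certificate /etc/letsencrypt/git.errong.win/fullchain.cer;
    ssl_certificate_key /etc/letsencrypt/git.errong.win/git.errong.win.key;

    location / {
        root   html;
        index  index.html index.htm;
    }
}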

Now everything is ready.
Just reload the nginx server.

You will find that http://git.errong.win and https://git.errong.win both work well now.
Reminder:
please replace the server name "git.errong.win" with your own.
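
A hardened variant of the two server blocks above, added here as an example and not the author's own configuration: port 80 serves only the ACME challenge path from the directory passed to acme.sh with --webroot (so issuance and later renewals keep validating) and redirects everything else to HTTPS. The ssl_protocols and Strict-Transport-Security values are assumptions about a reasonable baseline, not settings from the post.

```nginx
# Added example, not the author's configuration.
# Port 80: answer ACME HTTP-01 challenges, send everything else to HTTPS.
server {
    listen       80;
    listen       [::]:80;
    server_name  git.errong.win;

    # acme.sh --webroot writes its token files under
    # <webroot>/.well-known/acme-challenge/, so this location must map to
    # the same directory that was passed to --webroot.
    location ^~ /.well-known/acme-challenge/ {
        root          /home/errong_leng/www/git;
        default_type  text/plain;
        try_files     $uri =404;
    }

    # No content is served over plain HTTP.
    location / {
        return 301 https://git.errong.win$request_uri;
    }
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name git.errong.win;

    ssl_certificate     /etc/letsencrypt/git.errong.win/fullchain.cer;
    ssl_certificate_key /etc/letsencrypt/git.errong.win/git.errong.win.key;

    # Assumed baseline: refuse protocol versions older than TLS 1.2.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Assumed policy: browsers use HTTPS only for this host for one year.
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        root   html;
        index  index.html index.htm;
    }
}
```

Run sudo nginx -t before reloading; it fails if the certificate and key files are missing or do not match.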
