Cloud-handbok

Explore

SSL

Certbot
Certbot

(Kräver en URL-domän DNS från tex Azure)

DNS domän Azure⁠

Du anger då in DNS-domän som din domän i nedan instruktion (istället för example.com)

1. Download the Let’s Encrypt Client
`https://www.nginx.com/blog/using-free-ssltls-certificates-from-lets-encrypt-with-nginx/#1.-Download-the-Let’s Encrypt-Client`⁠
⁠

First, download the Let’s Encrypt client, certbot.

As mentioned just above, we tested the instructions on Ubuntu 16.04, and these are the appropriate commands on that platform:

$ apt-get update

$ sudo apt-get install certbot

$ apt-get install python-certbot-nginx

With Ubuntu 18.04 and later, substitute the Python 3 version:

$ apt-get update

$ sudo apt-get install certbot

$ apt-get install python3-certbot-nginx

2. Set Up NGINX
`https://www.nginx.com/blog/using-free-ssltls-certificates-from-lets-encrypt-with-nginx/#2.-Set-Up-NGINX`⁠
⁠

certbot can automatically configure NGINX for SSL/TLS. It looks for and modifies the

server⁠

block in your NGINX configuration that contains a

server_name⁠

directive with the domain name you’re requesting a certificate for. In our example, the domain is www.example.com.

Assuming you’re starting with a fresh NGINX install, use a text editor to create a file in the /etc/nginx/conf.d directory named domain‑name.conf (so in our example, www.example.com.conf).

Specify your domain name (and variants, if any) with the server_name directive:

server {

listen 80 default_server;

listen [::]:80 default_server;

root /var/www/html;

server_name example.com www.example.com;

}

Save the file, then run this command to verify the syntax of your configuration and restart NGINX:

$ nginx -t && nginx -s reload

3. Obtain the SSL/TLS Certificate
`https://www.nginx.com/blog/using-free-ssltls-certificates-from-lets-encrypt-with-nginx/#3.-Obtain-the-SSL/TLS-Certificate`⁠
⁠

The NGINX plug‑in for certbot takes care of reconfiguring NGINX and reloading its configuration whenever necessary.

Run the following command to generate certificates with the NGINX plug‑in:

$ sudo certbot --nginx -d example.com -d www.example.com

Respond to prompts from certbot to configure your HTTPS settings, which involves entering your email address and agreeing to the Let’s Encrypt terms of service.

When certificate generation completes, NGINX reloads with the new settings. certbot generates a message indicating that certificate generation was successful and specifying the location of the certificate on your server.

Congratulations! You have successfully enabled https://example.com and https://www.example.com

-------------------------------------------------------------------------------------

IMPORTANT NOTES:

Congratulations! Your certificate and chain have been saved at:

/etc/letsencrypt/live/example.com/fullchain.pem

Your key file has been saved at:

/etc/letsencrypt/live/example.com//privkey.pem

Your cert will expire on 2017-12-12.

Note: Let’s Encrypt certificates expire after 90 days (on 2017-12-12 in the example). For information about automatically renenwing certificates, see

Automatic Renewal of Let’s Encrypt Certificates⁠

below.

If you look at domain‑name.conf, you see that certbot has modified it:

server {

listen 80 default_server;

listen [::]:80 default_server;

root /var/www/html;

server_name example.com www.example.com;

listen 443 ssl; # managed by Certbot

# RSA certificate

ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot

ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot

include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot

# Redirect non-https traffic to https

if ($scheme != "https") {

return 301 https://$host$request_uri;

} # managed by Certbot

}

4. Automatically Renew Let’s Encrypt Certificates
`https://www.nginx.com/blog/using-free-ssltls-certificates-from-lets-encrypt-with-nginx/#auto-renewal`⁠
⁠

Let’s Encrypt certificates expire after 90 days. We encourage you to renew your certificates automatically. Here we add a

cron⁠

job to an existing crontab file to do this.

Open the crontab file.

$ crontab -e

Add the certbot command to run daily. In this example, we run the command every day at noon. The command checks to see if the certificate on the server will expire within the next 30 days, and renews it if so. The --quiet directive tells certbot not to generate output.

0 12 * * * /usr/bin/certbot renew --quiet

Save and close the file. All installed certificates will be automatically renewed and reloaded.

Want to print your doc?
This is not the way.

Try clicking the ⋯ next to your doc name or using a keyboard shortcut (

CtrlP

) instead.

CertbotCertbot

1. Download the Let’s Encrypt Clienthttps://www.nginx.com/blog/using-free-ssltls-certificates-from-lets-encrypt-with-nginx/#1.-Download-the-Let’s&nbsp;Encrypt-Client⁠⁠

2. Set Up NGINXhttps://www.nginx.com/blog/using-free-ssltls-certificates-from-lets-encrypt-with-nginx/#2.-Set-Up-NGINX⁠⁠

3. Obtain the SSL/TLS Certificatehttps://www.nginx.com/blog/using-free-ssltls-certificates-from-lets-encrypt-with-nginx/#3.-Obtain-the-SSL/TLS-Certificate⁠⁠

4. Automatically Renew Let’s Encrypt Certificateshttps://www.nginx.com/blog/using-free-ssltls-certificates-from-lets-encrypt-with-nginx/#auto-renewal⁠⁠

Certbot
Certbot

1. Download the Let’s Encrypt Client
`https://www.nginx.com/blog/using-free-ssltls-certificates-from-lets-encrypt-with-nginx/#1.-Download-the-Let’s Encrypt-Client`⁠
⁠

2. Set Up NGINX
`https://www.nginx.com/blog/using-free-ssltls-certificates-from-lets-encrypt-with-nginx/#2.-Set-Up-NGINX`⁠
⁠

3. Obtain the SSL/TLS Certificate
`https://www.nginx.com/blog/using-free-ssltls-certificates-from-lets-encrypt-with-nginx/#3.-Obtain-the-SSL/TLS-Certificate`⁠
⁠

4. Automatically Renew Let’s Encrypt Certificates
`https://www.nginx.com/blog/using-free-ssltls-certificates-from-lets-encrypt-with-nginx/#auto-renewal`⁠
⁠