Do you want to start using HTTPS for your sites? Nothing could be easier now that we have the Let’s Encrypt project!

OK, so here is how to set up SSL/HTTPS for nginx.

I assume you have nginx and certbot installed.

I will consider the scenario where nginx itself is the server that responds to the ACME challenges.

As the first step, we will create a default directory where certbot will create the challenge files for all our sites.

mkdir -p /srv/www/acme

Whether you use /srv or /var does not matter; the choice is yours.

Next step is to configure your nginx.

Create /etc/nginx/conf.d/acme.conf:

# "location" is only valid inside a server block, so include this file from one.
location ~ /.well-known {
    root /srv/www/acme;
}

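Then include this config in the server block of every site:

server {
    # ... the site's existing listen / server_name directives ...
    include conf.d/acme.conf;
}

Don’t forget to reload nginx so the new configuration takes effect.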
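Before requesting certificates, it helps to confirm that every site really serves files from the shared webroot. The following pre-flight check is an added example, not part of the original post; the function names, the overridable `fetch` hook and the domains in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight check for the shared ACME webroot described above.
# Function names and the overridable fetch() hook are hypothetical.

CHALLENGE_DIR=".well-known/acme-challenge"

# Print the body of a URL; HTTP-01 validation arrives on plain HTTP, port 80.
fetch() { curl -fsS --max-time 10 "$1"; }

# Create a probe file where certbot would write its challenge tokens and
# print the file name.
probe_create() {
    mkdir -p "$1/$CHALLENGE_DIR" || return 1
    _probe=$(mktemp "$1/$CHALLENGE_DIR/probe.XXXXXX") || return 1
    # mktemp creates the file with mode 0600; the nginx worker must read it.
    chmod 644 "$_probe" || return 1
    printf 'acme-preflight-%s-%s' "$$" "$(date +%s)" > "$_probe" || return 1
    basename "$_probe"
}

# preflight WEBROOT DOMAIN...
# Prints "ok"/"FAIL" per domain; returns 0 only if every domain served the
# probe's exact content, 1 if any did not, 2 if the probe could not be created.
preflight() {
    _root=$1; shift
    _name=$(probe_create "$_root") || return 2
    _want=$(cat "$_root/$CHALLENGE_DIR/$_name")
    _rc=0
    for _domain in "$@"; do
        _got=$(fetch "http://$_domain/$CHALLENGE_DIR/$_name" 2>/dev/null) || _got=
        if [ -n "$_got" ] && [ "$_got" = "$_want" ]; then
            echo "ok   $_domain"
        else
            echo "FAIL $_domain"
            _rc=1
        fi
    done
    rm -f "$_root/$CHALLENGE_DIR/$_name"
    return "$_rc"
}

# Example (placeholder domains):
#   preflight /srv/www/acme example.com www.example.com && certbot certonly ...
```

A FAIL line usually means the site's server block does not include acme.conf, or that the worker process cannot read the webroot.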

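And finally we’re ready to obtain certificates (replace the example e-mail address and domain names with your own):

certbot certonly --webroot -w /srv/www/acme/ --agree-tos --email admin@example.com -d example.com -d www.example.com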

If the procedure succeeds, you should get a message like this:

 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/ Your cert will
   expire on 2018-01-01. To obtain a new or tweaked version of this
   certificate in the future, simply run certbot again. To
   non-interactively renew *all* of your certificates, run "certbot

Well done!

For how to configure nginx to use the new certs, see my next post about how to configure SSL in nginx.

P.S. Don’t forget to renew your certificates on time. Certificates from Let’s Encrypt are issued for 3 months, so you should periodically run:

certbot renew