HTTPS Setup for Bitnami NGINX Web Servers

How to set up HTTPS for Bitnami NGINX web servers using a Let's Encrypt certificate obtained with the lego client.

Step 1: Install The Lego Client

cd /tmp
curl -Ls https://api.github.com/repos/xenolf/lego/releases/latest | grep browser_download_url | grep linux_amd64 | cut -d '"' -f 4 | wget -i -
tar xf lego*.tar.gz
sudo mkdir -p /opt/bitnami/letsencrypt
sudo mv lego /opt/bitnami/letsencrypt/lego

Step 2: Generate A Let’s Encrypt Certificate For Your Domain

sudo /opt/bitnami/ctlscript.sh stop
sudo /opt/bitnami/letsencrypt/lego --tls --email="EMAIL-ADDRESS" --domains="DOMAIN" --domains="www.DOMAIN" --path="/opt/bitnami/letsencrypt" run

Step 3: Configure The Web Server To Use The Let’s Encrypt Certificate

sudo mv /opt/bitnami/nginx/conf/server.crt /opt/bitnami/nginx/conf/server.crt.old
sudo mv /opt/bitnami/nginx/conf/server.key /opt/bitnami/nginx/conf/server.key.old
sudo mv /opt/bitnami/nginx/conf/server.csr /opt/bitnami/nginx/conf/server.csr.old
sudo ln -sf /opt/bitnami/letsencrypt/certificates/DOMAIN.key /opt/bitnami/nginx/conf/server.key
sudo ln -sf /opt/bitnami/letsencrypt/certificates/DOMAIN.crt /opt/bitnami/nginx/conf/server.crt
sudo chown root:root /opt/bitnami/nginx/conf/server*
sudo chmod 600 /opt/bitnami/nginx/conf/server*

sudo /opt/bitnami/ctlscript.sh start

Step 4: Test The Configuration

Browse to https://www.DOMAIN and check that the site loads with a valid certificate.
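
A local check to go with the browser test, as an added example that is not part of the original post: it confirms that server.crt and server.key are symlinks into lego's certificates directory and that the private key grants nothing to group or other. The function names and the CONF_DIR/CERT_DIR override variables are assumptions made for this example; the default paths are the ones used in Step 3.

```shell
#!/bin/bash
# Added example: audit the files that Step 3 links into the NGINX conf directory.
# Default paths are the ones from this page; CONF_DIR/CERT_DIR overrides and the
# function names are assumptions made for this example.
CONF_DIR="${CONF_DIR:-/opt/bitnami/nginx/conf}"
CERT_DIR="${CERT_DIR:-/opt/bitnami/letsencrypt/certificates}"

# Succeeds if $1 is a symlink that resolves to a regular file under CERT_DIR.
links_into_cert_dir() {
    local target certdir
    [ -L "$1" ] || return 1
    target=$(readlink -f "$1") || return 1
    certdir=$(readlink -f "$CERT_DIR") || return 1
    case "$target" in
        "$certdir"/*) [ -f "$target" ] ;;
        *) return 1 ;;
    esac
}

# Succeeds if the file behind $1 grants nothing to group or other (600, 400).
key_mode_is_private() {
    local mode
    mode=$(stat -L -c '%a' "$1" 2>/dev/null) || return 1
    case "$mode" in
        [0-7]00) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints one line per finding and returns the number of findings (0 = clean).
audit_tls_files() {
    local problems=0 f
    for f in server.crt server.key; do
        if ! links_into_cert_dir "$CONF_DIR/$f"; then
            echo "FAIL: $CONF_DIR/$f is not a symlink into $CERT_DIR"
            problems=$((problems + 1))
        fi
    done
    if ! key_mode_is_private "$CONF_DIR/server.key"; then
        echo "FAIL: key behind $CONF_DIR/server.key grants access to group/other"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Run the audit only when asked, e.g.: sudo bash check-tls-files.sh --audit
if [ "${1:-}" = "--audit" ]; then audit_tls_files; fi
```

Run it with sudo, since the key is only readable by root after Step 3; it relies on GNU `stat -c` and `readlink -f`.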

Step 5: Renew The Let’s Encrypt Certificate

To renew manually:
sudo /opt/bitnami/ctlscript.sh stop
sudo /opt/bitnami/letsencrypt/lego --tls --email="EMAIL-ADDRESS" --domains="DOMAIN" --path="/opt/bitnami/letsencrypt" renew --days 90
sudo /opt/bitnami/ctlscript.sh start

Auto-renew: create a renewal script
sudo mkdir -p /opt/bitnami/letsencrypt/scripts
sudo nano /opt/bitnami/letsencrypt/scripts/renew-certificate.sh

#!/bin/bash

sudo /opt/bitnami/ctlscript.sh stop nginx
sudo /opt/bitnami/letsencrypt/lego --tls --email="EMAIL-ADDRESS" --domains="DOMAIN" --path="/opt/bitnami/letsencrypt" renew --days 90
sudo /opt/bitnami/ctlscript.sh start nginx

sudo chmod +x /opt/bitnami/letsencrypt/scripts/renew-certificate.sh

sudo crontab -e

# every month
# 0 0 1 * * /opt/bitnami/letsencrypt/scripts/renew-certificate.sh 2> /dev/null
# every two months
0 0 1 JAN,MAR,MAY,JUL,SEP,NOV * /opt/bitnami/letsencrypt/scripts/renew-certificate.sh 2> /dev/null

NOTE: Change DOMAIN and EMAIL-ADDRESS to yours.

Step 6: Force HTTPS


Modify /opt/bitnami/nginx/conf/bitnami/bitnami.conf so that the port 80 server block redirects every request to HTTPS:

server {
    listen 80;
    server_name localhost;
    return 301 https://$host$request_uri;
    include "/opt/bitnami/nginx/conf/bitnami/bitnami-apps-prefix.conf";
}

After modifying the NGINX configuration file:
Open port 443 in the server firewall.
Restart NGINX to apply the changes.

sudo /opt/bitnami/ctlscript.sh restart nginx


Ref:
https://docs.bitnami.com/virtual-machine/how-to/generate-install-lets-encrypt-ssl/
https://docs.bitnami.com/virtual-machine/apps/wordpress-pro/administration/force-https-nginx/

