Rose debug info
---------------

How to install LetsEncrypt SSL certificates on the server via Shell script (not certbot)

Use this library: https://github.com/srvrco/getssl

  1. Download the library:
curl https://raw.githubusercontent.com/srvrco/getssl/master/getssl > getssl ; chmod 700 getssl
  1. Create a domain configuration (here and after dont forget change “ahrameev.ru” to your domain)
./getssl -c ahrameev.ru
  1. Open the config file for editing
mcedit ~/.getssl/ahrameev.ru/getssl.cfg
  1. Uncomment the next line for testing
CA="https://acme-staging-v02.api.letsencrypt.org"
  1. Also uncomment the next line and set it to “true”
USE_SINGLE_ACL="true"
  1. Add to the end of the file (change /var/www/ahrameev.ru/ to your htdocs root path)
ACL=('/var/www/ahrameev.ru/.well-known/acme-challenge')
  1. Save changes and run the process to getting of certificates (in test mode for while). Dont forget change “ahrameev.ru” to your domain
./getssl ahrameev.ru
  1. If everything is ok open the config file to edit it again
mcedit ~/.getssl/ahrameev.ru/getssl.cfg
  1. And comment CA=“https://acme-staging-v02.api.letsencrypt.org” but uncomment the next line for getting full certificates:
CA="https://acme-v02.api.letsencrypt.org"
  1. Save changes and run the process to getting of certificates again
./getssl ahrameev.ru
  1. If everything is ok you’ll get certificates in ~/.getssl/ahrameev.ru/ folder. Add it to nginx configuration (or another web server). For example:
ssl_certificate /home/denis/.getssl/ahrameev.ru/ahrameev.ru.crt;
ssl_certificate_key /home/denis/.getssl/ahrameev.ru/ahrameev.ru.key;
ssl_trusted_certificate /home/denis/.getssl/ahrameev.ru/chain.crt;
ssl_ciphers EECDH:+AES256:-3DES:RSA+AES:RSA+3DES:!NULL:!RC4;

Restart your web server and browser.

 25   1 mo