Obtain SSL Certificates
With a domain name hooked up to our server, now we'l be able to obtain an SSL certificate. I followed this presentation to install certbot, a program used to generate SSL certificates.
Install and run certbot
We'll use certbot to obtain a standalone SSL certificate. Install certbot, modify permissions, and run certbot to obtain the SSL certificate.
$ cd ~ $ mkdir certbot $ cd certbot $ wget https://dl.eff.org/certbot-auto $ chmod a+x certbot-auto $ ./certbot-auto certonly --standalone -d mydomain.com
If certbot worked, and we get our SSL certificate- the output looks something like:
IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/mydomain.org/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/mydomain.org/privkey.pem Your cert will expire on 2018-08-15.
Note the location of the
privkey.pem files. We'll need to put these file paths into the Nginx configuration.
We also need to allow Nginx to access these files. I had trouble getting Nginx to run and this presentation showed a way to give Nginx access to the SSL key files. There is probably a more "Linuxy" way of giving Nginx access to the cert files, but I messed around with the permission settings for a while, and using the commands below worked.
$ cd /etc/letsencrypt $ ls accounts archive csr keys live renewal renewal-hooks $ sudo chmod 777 -R archive/ $ sudo chmod 777 -R live/
The next step is to create a cookie secret, proxy auth token, and dhparem.pem file.