How To Secure Nginx with Let's Encrypt on Debian 8

How To Secure Nginx with Let's Encrypt on Debian 8

Let's Encrypt is a new Certificate Authority (CA) that provides an easy way to obtain and install free TLS/SSL certificates, thereby enabling encrypted HTTPS on web servers. It simplifies the process by providing a software client, certbot (previously called letsencrypt), that attempts to automate most (if not all) of the required steps. Currently, the entire process of obtaining and installing a certificate is fully automated only on Apache web servers. However, Let's Encrypt can be used to easily obtain a free SSL certificate, which can be installed manually, regardless of your choice of web server software.

[…]

We'll show you how to use the Webroot plugin to obtain an SSL certificate.

The Webroot plugin works by placing a special file in the /.well-known directory within your document root, which can be opened (through your web server) by the Let's Encrypt service for validation. Depending on your configuration, you may need to explicitly allow access to the /.well-known directory.

[…]

Now that we know our webroot-path, we can use the Webroot plugin to request an SSL certificate with these commands. Here, we are also specifying our domain names with the -d option. If you want a single cert to work with multiple domain names (e.g. example.com and www.example.com), be sure to include all of them. Also, make sure that you replace the highlighted parts with the appropriate webroot path and domain name(s):

[…]

Now that you have an SSL certificate, you need to configure your Nginx web server to use it.

[…]

It will probably look like this, meaning that only HTTP traffic is allowed to the web server:

[…]

That's it! Your web server is now using a free Let's Encrypt TLS/SSL certificate to securely serve HTTPS content.