Let’s Encrypt and NGINX

After a long wait, Let’s Encrypt is finally in a Beta stage.

I have received an email from them; here is the installation bit of the email:

Quick Start

To use Let’s Encrypt’s official client to obtain your real certificates, you will need to provide the production API URL on the command line:

https://acme-v01.api.letsencrypt.org/directory

When running the Python client (installation directions [1]), be sure to specify the --server argument with the production URL:

git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
./letsencrypt-auto --agree-dev-preview --server \
https://acme-v01.api.letsencrypt.org/directory auth

If you are using a different ACME client, be sure to configure it to use the production URL in order to get valid certificates. Many clients will default to the staging URL.

Full text is available here: https://community.letsencrypt.org/t/beta-program-announcements/1631

And that is pretty much it. But let’s have a closer look at what I did – as instructed I ran this command:
[Image: Lets1]

[Image: Lets2]

Perhaps an oversight on my behalf but I could not see anything saying that the web server must be stopped:
[Image: Lets3]

so I stopped the service and tried again:

[Image: Lets4]

Quick look to check if the certificates are where they are supposed to be:

[Image: Lets5]

Last thing remaining is to update Nginx config to point to the newly generated certs:

ssl_certificate   /etc/letsencrypt/live/it.awroblew.biz/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/it.awroblew.biz/privkey.pem;

then reload nginx:

service nginx reload

and job done.

However, I have noticed that with the default config the certs were only 2048 bits. I prefer 4096, so some tiny manual config was required – under /etc/letsencrypt/ create a file called cli.ini

and type this in:

rsa-key-size = 4096

then, stop nginx and run:

[Image: Lets1]

since I have already generated my certs I got this:

[Image: Lets6]

hit replace, start nginx and voila job done:

[Image: cert_show]
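
A check that can be run before starting nginx again, added here as an example and not part of the original post: it confirms the RSA key size of the certificate and that privkey.pem really belongs to fullchain.pem. The function names and the throwaway self-signed pair are constructed for illustration; only the openssl command-line tool is assumed.

```bash
#!/usr/bin/env bash
# Added example: sanity-check a certificate/key pair before pointing nginx at it.

# Print the RSA key size (bits) of the first certificate in a PEM file.
cert_rsa_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public[- ]Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Succeed only if the private key belongs to the certificate (same public key).
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# check_pair CERT KEY MIN_BITS -> 0 if the pair is usable, 1 otherwise.
check_pair() {
    bits=$(cert_rsa_bits "$1")
    if [ -z "$bits" ] || [ "$bits" -lt "$3" ]; then
        echo "FAIL: RSA key is ${bits:-unknown} bits, wanted >= $3" >&2
        return 1
    fi
    if ! key_matches_cert "$1" "$2"; then
        echo "FAIL: private key does not match certificate" >&2
        return 1
    fi
    echo "OK: $bits-bit RSA key, key matches certificate"
}

# Constructed sample input: a throwaway self-signed pair (not a Let's Encrypt cert).
make_sample_pair() {   # make_sample_pair DIR BITS
    openssl req -x509 -newkey "rsa:$2" -nodes -days 1 -subj "/CN=example.test" \
        -keyout "$1/privkey.pem" -out "$1/fullchain.pem" 2>/dev/null
}

# Usage: script CERT KEY [MIN_BITS]; with no arguments, run on the sample pair.
if [ "$#" -ge 2 ]; then
    check_pair "$1" "$2" "${3:-4096}"
else
    tmp=$(mktemp -d)
    make_sample_pair "$tmp" 2048
    check_pair "$tmp/fullchain.pem" "$tmp/privkey.pem" 4096 || true  # fails: 2048 < 4096
    rm -rf "$tmp"
fi
```

Run against the files under /etc/letsencrypt/live/ for your domain, it reports a failure if the certificate was issued with the 2048-bit default instead of the 4096 bits set in cli.ini.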

So for me it is goodbye StartSSL and hello Let’s Encrypt!

For reference here is a link to Let’s Encrypt documentation website – https://letsencrypt.readthedocs.org/en/latest/using.html
