Attempt at installing an nginx reverse proxy with Let's Encrypt on an rpi2:

https://homeserver-diy.net/wiki/index.php?title=Installation_et_configuration_d%E2%80%99un_reverse_proxy_avec_NginX

https://homeserver-diy.net/wiki/index.php?title=Utilisation_d%27Nginx_comme_reverse_proxy_avec_un_certificat_auto-sign%C3%A9,_Let%27s_Encrypt_et_un_chiffrement_fort

https://www.techcoil.com/blog/installing-certbot-on-raspbian-jessie-lite-for-deploying-lets-encrypt-certificates/

sudo apt install -y nginx
 
# sudo chown www-data:www-data /var/www <-- to be reviewed
 
sudo nano /etc/nginx/conf.d/proxy.conf
 
cd /opt
 
sudo apt install -y git-core
 
sudo git clone https://github.com/letsencrypt/letsencrypt
 
cd letsencrypt/
 
sudo service nginx stop 
 
sudo ./letsencrypt-auto certonly -d votrenomde.domaine --rsa-key-size 4096
 
How would you like to authenticate with the ACME CA?
-------------------------------------------------------------------------------
1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)
 
Choice 1
 
sudo mv /etc/nginx/sites-enabled/default /etc/nginx/sites-enabled/ori.default
 
sudo nano /etc/nginx/sites-enabled/default
 
sudo openssl dhparam -out /etc/ssl/private/dhparams.pem 4096
 
sudo nginx -t
 
sudo nano /etc/nginx/nginx.conf 
 
sudo systemctl start nginx
 
sudo sed -i "$ a\deb http://ftp.debian.org/debian jessie-backports main" /etc/apt/sources.list
 
sudo apt-get update && sudo apt-get install certbot -t jessie-backports -y --force-yes

Attempt at installing an nginx reverse proxy with Let's Encrypt on an rpi0:

https://www.techcoil.com/blog/how-to-setup-a-reverse-proxy-server-with-nginx-raspian-jessie-lite-and-raspberry-pi-3/

https://www.techcoil.com/blog/installing-certbot-on-raspbian-jessie-lite-for-deploying-lets-encrypt-certificates/

https://www.techcoil.com/blog/how-to-enable-secured-remote-management-of-d-link-dir-series-router-with-certbot-nginx-raspbian-jessie-lite-and-raspberry-pi-3/

sudo apt-get update && sudo apt-get install nginx -y --fix-missing

sudo sed -i "$ a\deb http://ftp.debian.org/debian jessie-backports main" /etc/apt/sources.list

sudo apt-get update && sudo apt-get install certbot -t jessie-backports -y --force-yes

sudo certbot certonly

sudo nano /etc/nginx/sites-enabled/ipgm.ilad.fr.conf
server {
    listen 80;
    server_name  ipgm.ilad.fr;

    root /var/www/ipgm.ilad.fr;

    location ~ /.well-known {
        allow all;
    }
}
sudo mkdir /var/www/ipgm.ilad.fr

sudo systemctl restart nginx.service

sudo certbot certonly --webroot -w /var/www/ipgm.ilad.fr/ -d ipgm.ilad.fr

https://letsencrypt.status.io/

Nginx reverse proxy with Let's Encrypt on an rpi0, Debian 9:

sudo apt install -y nginx
sudo nano /etc/nginx/conf.d/proxy.conf
proxy_redirect          off;
proxy_set_header        Host            $host;
proxy_set_header        X-Real-IP       $remote_addr;
proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size    10m;
client_body_buffer_size 128k;
client_header_buffer_size 64k;
proxy_connect_timeout   90;
proxy_send_timeout      90;
proxy_read_timeout      90;
proxy_buffer_size   16k;
proxy_buffers       32   16k;
proxy_busy_buffers_size 64k;
sudo service nginx stop 
sudo apt update && sudo apt install -y certbot python-certbot-nginx 
sudo certbot --nginx
sudo nano /etc/nginx/sites-enabled/default && sudo service nginx reload

server {
        listen 443 ssl;
        server_name example.com;
        ssl_certificate /path/to/ssl/certificate.cert;
        ssl_certificate_key /path/to/ssl/certificate/key.key;

        location / {
                proxy_http_version 1.1;
                proxy_set_header Host $http_host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_pass http://localhost:8080/;
                proxy_redirect http:// $scheme://;

                client_max_body_size 200M;
        }
}
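
The server block above combined with the pieces from the earlier sections (webroot challenge directory, DH parameters file), as an added example that is not part of the original notes. The hostname example.com, the backend on localhost:8080 and the webroot /var/www/example.com are placeholders, and the certificate paths assume certbot's default /etc/letsencrypt/live/<cert-name>/ layout.

```nginx
# Added example, not from the original notes. example.com, the webroot and
# the backend on localhost:8080 are placeholders; certificate paths assume
# certbot's default /etc/letsencrypt/live/<cert-name>/ layout.

# Port 80: answer ACME HTTP-01 challenges from the webroot, redirect the rest.
server {
    listen 80;
    server_name example.com;

    # Only the challenge directory is served in clear text.
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/example.com;   # same directory passed to certbot -w
        default_type text/plain;
    }

    location / {
        return 301 https://$host$request_uri;
    }
}

# Port 443: TLS termination in front of the proxied application.
server {
    listen 443 ssl;
    server_name example.com;

    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    # TLS 1.2 only: assumes the distribution nginx of Debian 9, which is
    # older than the nginx release that added the TLSv1.3 parameter.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_dhparam /etc/ssl/private/dhparams.pem;   # file created with openssl dhparam
    ssl_session_tickets off;

    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://localhost:8080/;
    }
}
```

Run sudo nginx -t before reloading. With the challenge directory served on port 80, certbot certonly --webroot can issue and renew without stopping nginx.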

Deleting a Let's Encrypt certificate:

certbot revoke --cert-path /etc/letsencrypt/live/CERTNAME/cert.pem --reason cessationofoperation
certbot delete --cert-name example.com