Let's Encrypt needs to verify that you own the domain. Certbot puts a keyfile under /var/www/.well-known that must be accessible by their servers. Therefore you have to exempt this location from basic authentication. Insert this in /etc/nginx/sites-enabled/scrollout.conf just before the final }:
    location /.well-known {
        auth_basic off;
    }
Note: Probably this gets deleted after an update so remember to check and add it again!
3. Restart nginx:
    # systemctl restart nginx
4. Get your certificate from Let's Encrypt:
    # certbot certonly --webroot -w /var/www -d <your.domain.com>
Note: Be sure not to do this in a sensitive directory like /etc/nginx/sites-enabled as Certbot creates a log file that certainly is not an nginx configuration file. Better cd to your home directory first.
5. Remove the original files in /etc/postfix/certs/scrollout.{key,cert} and create symlinks to your new certificate and key:
Agree with most of what Anonymous wrote - but since the nginx config does in fact get wiped out with an update, I prefer to use the "standalone" mode of certbot. This has a built-in temporary webserver that exists only while certbot is doing its verification. So to renew, drop a script into /etc/cron.monthly (or whatever time cycle you like) - script stops nginx, runs certbot renew, starts nginx.
Last edit: Anonymous 2017-02-13
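
The standalone renewal described in the reply above, written out as an added example that is not part of the thread. The script name `renew-cert`, the overridable variables and the symlink check are assumptions; the check covers the earlier note that the links in /etc/postfix/certs should be verified after an update.

```shell
#!/bin/sh
# Added example, not from the thread. Install as /etc/cron.monthly/renew-cert
# (no file extension: Debian's run-parts skips names containing a dot).
# Assumes the certificate was issued with "certbot certonly --standalone".

# Command names and paths are variables so they can be overridden in a test.
: "${SYSTEMCTL:=systemctl}"
: "${CERTBOT:=certbot}"
: "${CERT_DIR:=/etc/postfix/certs}"

# Stop nginx so certbot's temporary webserver can bind, renew, then start
# nginx again even when the renewal failed.
renew_standalone() {
    "$SYSTEMCTL" stop nginx || return 1
    rc=0
    "$CERTBOT" renew --quiet || rc=$?
    "$SYSTEMCTL" start nginx || return 2
    return "$rc"
}

# A Scrollout F1 update may put regular files back in place of the symlinks.
# Return non-zero if either link is missing, not a symlink, or dangling.
check_links() {
    bad=0
    for f in "$CERT_DIR/scrollout.key" "$CERT_DIR/scrollout.cert"; do
        if [ ! -L "$f" ] || [ ! -e "$f" ]; then
            echo "WARNING: $f is not a symlink to an existing file" >&2
            bad=1
        fi
    done
    return "$bad"
}

# Run only when installed under cron.monthly, so sourcing has no side effects.
case "$0" in
    */cron.monthly/*)
        renew_standalone || echo "certbot renew failed or nginx did not restart" >&2
        check_links
        ;;
esac
```

Anything the script writes to stderr ends up in the cron mail, so a failed renewal or a replaced symlink is reported instead of passing silently.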
If I want to use Let's Encrypt, is that possible?
key and cert are in /etc/postfix/certs/scrollout.{key,kert}
Additional information:
    apt-get install certbot -t jessie-backports
Let's Encrypt needs to verify that you own the domain. Certbot puts a keyfile under /var/www/.well-known that must be accessible by their servers. Therefore you have to exempt this location from basic authentication. Insert this in /etc/nginx/sites-enabled/scrollout.conf just before the final }:
Note: Probably this gets deleted after an update so remember to check and add it again!
3. Restart nginx:
    # systemctl restart nginx
4. Get your certificate from Let's Encrypt:
    # certbot certonly --webroot -w /var/www -d <your.domain.com>
Note: Be sure not to do this in a sensitive directory like /etc/nginx/sites-enabled as Certbot creates a log file that certainly is not an nginx configuration file. Better cd to your home directory first.
5. Remove the original files in /etc/postfix/certs/scrollout.{key,cert} and create symlinks to your new certificate and key:
Note: Better also check this after an update of Scrollout F1.
6. Restart nginx once again:
    # systemctl restart nginx
7. Voilà
Certbot has a cronjob for automatic renewal of the certificate(s).
Last edit: Anonymous 2017-01-31