Let’s Encrypt : A Free SSL/TLS Certificate Authority

Publié le 31 juillet 2016 par admin

I am usually using an auto-signed certificate for my personal website but the navigators are blocking non-valid certificates.

I have found an alternative and discovered Let’s Encrypt which is a free Certificate Authority (CA) : The certificate signed by this CA are recognized by all the navigators. So It is a real valid certificate. 😉

The installation is simplified by the certbot client as explained on the Let’s Encrypt help pages .

You must first modify your nginx configuration to allow Let’s encrypt to verify that you are the owner of the domain:

server {
    listen 80;
    server_name website.domain.fr;

    location '/.well-known/acme-challenge' {
	default_type "text/plain";
    	root /www/website.domain.fr;
    }
...
]

Check your nginx configuration:

$ nginx -t -c /etc/nginx/nginx.conf
$ service nains restart

Then you can run the certbot client as example:

certbot-auto certonly --webroot --webroot-path /www/website.domain.fr -d website.domain.fr

And finally modify your nginx configuration to add the new created certificate:

server {
    # server port and name
    listen        443;
    server_name   website.domain.fr;

    ssl_certificate "/etc/letsencrypt/live/website.domain.fr/fullchain.pem";
    ssl_certificate_key "/etc/letsencrypt/live/website.domain.fr/privkey.pem";

...

}

You should now have a valid certificate !

Nicolas Portais
Author Photographer
http://www.mystockphoto.fr/
http://photos-art.pro/

Ce contenu a été publié dans Anglais, Computer / Technic / Technology, avec comme mot(s)-clé(s) , , , , , , , . Vous pouvez le mettre en favoris avec ce permalien.

Laisser un commentaire

Votre adresse de messagerie ne sera pas publiée. Les champs obligatoires sont indiqués avec *

Captcha (solve the arithmetic equation) * Time limit is exhausted. Please reload CAPTCHA.