I usually use a self-signed certificate for my personal website, but browsers block certificates that are not valid.
I looked for an alternative and discovered Let’s Encrypt, a free Certificate Authority (CA). Certificates signed by this CA are recognized by all browsers, so it is a real, valid certificate. 😉
The installation is simplified by the certbot client, as explained on the Let’s Encrypt help pages.
You must first modify your nginx configuration so that Let’s Encrypt can verify that you are the owner of the domain:
server {
    listen 80;
    server_name website.domain.fr;

    # Serve the ACME challenge files that certbot writes under the webroot
    location '/.well-known/acme-challenge' {
        default_type "text/plain";
        root /www/website.domain.fr;
    }
    ...
}
Check your nginx configuration, then restart nginx:
$ nginx -t -c /etc/nginx/nginx.conf
$ service nginx restart
Then you can run the certbot client, for example:
certbot-auto certonly --webroot --webroot-path /www/website.domain.fr -d website.domain.fr
And finally, modify your nginx configuration to add the newly created certificate:
server {
    # server port and name (the "ssl" parameter enables TLS on this port)
    listen 443 ssl;
    server_name website.domain.fr;

    # certificate chain and private key written by certbot
    ssl_certificate "/etc/letsencrypt/live/website.domain.fr/fullchain.pem";
    ssl_certificate_key "/etc/letsencrypt/live/website.domain.fr/privkey.pem";
    ...
}
You should now have a valid certificate!
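Before running certbot, it helps to confirm that a file placed under the webroot is really reachable at /.well-known/acme-challenge over plain HTTP. The script below is an added example, not part of the original post or of certbot: `preflight`, `serve_dir` and `demo` are hypothetical helper names, and the local Python HTTP server is a constructed stand-in for nginx so that the check runs offline.

```python
import functools, http.server, os, secrets, tempfile, threading
import urllib.request

CHALLENGE_DIR = ".well-known/acme-challenge"  # path used by the webroot method

def preflight(webroot, base_url, timeout=5):
    """Write a random probe into the challenge directory, fetch it over HTTP."""
    token, body = secrets.token_urlsafe(16), secrets.token_urlsafe(32)
    probe_dir = os.path.join(webroot, CHALLENGE_DIR)
    os.makedirs(probe_dir, exist_ok=True)
    probe = os.path.join(probe_dir, token)
    with open(probe, "w") as fh:
        fh.write(body)
    # Connect directly (no proxy), as a validation server would.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    url = f"{base_url.rstrip('/')}/{CHALLENGE_DIR}/{token}"
    try:
        with opener.open(url, timeout=timeout) as resp:
            served = resp.read().decode("utf-8", "replace")
    except OSError as exc:  # HTTP 404, refused connection, TLS error, ...
        return False, f"probe not reachable: {exc}"
    finally:
        os.remove(probe)  # never leave probe files in the webroot
    if served != body:
        return False, "URL answered, but not with the file from this webroot"
    return True, "challenge path is served from this webroot"

def serve_dir(directory):
    """Constructed stand-in for nginx: serve `directory` on a free local port."""
    handler = functools.partial(http.server.SimpleHTTPRequestHandler, directory=directory)
    srv = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, f"http://127.0.0.1:{srv.server_address[1]}"

def demo():
    """Probe the served directory, then a directory the server does not serve."""
    served_root, other_root = tempfile.mkdtemp(), tempfile.mkdtemp()
    srv, url = serve_dir(served_root)
    try:
        return preflight(served_root, url), preflight(other_root, url)
    finally:
        srv.shutdown()

if __name__ == "__main__":
    print(demo())
    # Real use (values from the configuration above):
    # preflight("/www/website.domain.fr", "http://website.domain.fr")
```

A `False` result with the real webroot and domain usually means the `root` in the nginx location block and the `--webroot-path` given to certbot do not point to the same directory.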
Nicolas Portais
Author Photographer
http://www.mystockphoto.fr/
http://photos-art.pro/