I am usually using an auto-signed certificate for my personal website but the navigators are blocking non-valid certificates.
I have found an alternative and discovered Let’s Encrypt which is a free Certificate Authority (CA) : The certificate signed by this CA are recognized by all the navigators. So It is a real valid certificate. 😉
The installation is simplified by the certbot client as explained on the Let’s Encrypt help pages .
You must first modify your nginx configuration to allow Let’s encrypt to verify that you are the owner of the domain:
server {
listen 80;
server_name website.domain.fr;
location '/.well-known/acme-challenge' {
default_type "text/plain";
root /www/website.domain.fr;
}
...
]
Check your nginx configuration:
$ nginx -t -c /etc/nginx/nginx.conf $ service nains restart
Then you can run the certbot client as example:
certbot-auto certonly --webroot --webroot-path /www/website.domain.fr -d website.domain.fr
And finally modify your nginx configuration to add the new created certificate:
server {
# server port and name
listen 443;
server_name website.domain.fr;
ssl_certificate "/etc/letsencrypt/live/website.domain.fr/fullchain.pem";
ssl_certificate_key "/etc/letsencrypt/live/website.domain.fr/privkey.pem";
...
}
You should now have a valid certificate !
Nicolas Portais
Author Photographer
http://www.mystockphoto.fr/
http://photos-art.pro/
