Step 1 — Installing Certbot
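# Refresh the package index first so the install does not fail against a
# stale package list.
sudo apt-get update
sudo apt-get install certbot python3-certbot-nginx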
Step 2 — Obtaining an SSL Certificate
# Request a certificate for both names via Certbot's nginx plugin; replace
# example.com / www.example.com with the domains this server actually serves.
sudo certbot --nginx -d example.com -d www.example.com
Step 3 — Updating Diffie-Hellman (Optional)
# Generate 2048-bit Diffie-Hellman parameters and write them to
# /etc/ssl/certs/dhparam.pem.
sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
(more secure but takes a bit longer)
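# Files under /etc/nginx are normally writable only by root. sudoedit lets you
# edit a temporary copy as your own user and installs it with root privileges
# on save, so the editor itself never runs as root.
sudoedit /etc/nginx/sites-available/default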
In the ssl_dhparam directive, replace /etc/letsencrypt/ssl-dhparams.pem
with the path to your generated file, /etc/ssl/certs/dhparam.pem
Step 4 — Remove insecure ciphers and protocols (Optional)
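# This file is shipped and managed by Certbot. Once it has been hand-edited,
# Certbot leaves it alone on upgrades, so any later hardening it ships must be
# merged in manually. Keep a copy of the original before changing it.
sudoedit /etc/letsencrypt/options-ssl-nginx.conf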
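# TLSv1.1 is deprecated (RFC 8996) and does not belong in a hardened profile;
# offer only TLSv1.2 and TLSv1.3. Drop TLSv1.3 from the list if your nginx
# build rejects it.
ssl_protocols TLSv1.2 TLSv1.3;
# ssl_ciphers governs TLSv1.2 and older only. The value must be wrapped in
# plain ASCII quotes; typographic quotes would become part of the string.
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';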
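# Reload only when the configuration test passes, so a typo in the TLS
# settings is reported instead of being sent to the running server.
sudo nginx -t && sudo service nginx reload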
Step 5 — Setting Up Auto Renewal
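# `certbot renew` does not take -d: it checks every installed certificate and
# renews only those close to expiry, so the domain flag is dropped here.
# Run it daily rather than monthly. Certificates are valid for 90 days and the
# renewal window opens about 30 days before expiry, so one failed monthly run
# could let the certificate lapse before the next attempt.
# 2>&1 sends errors to the log as well; --quiet already suppresses routine output.
# Check first whether the distribution package has already installed its own
# renewal job (e.g. /etc/cron.d/certbot or a systemd timer) to avoid duplicates.
echo '@daily root certbot renew --nginx --quiet >> /var/log/letsencrypt/letsencrypt-auto-update.log 2>&1' | sudo tee --append /etc/crontab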