Let’s Encrypt is a Certificate Authority (CA) that provides free SSL/TLS certificates to enable HTTPS connections on our website. It’s very simple to set up and integrate with nginx: you just have to generate the certificate with the certbot script and add it to the server configuration. I am currently running Slackware 14; to run certbot, I need to install the following Python packages with easy_install:

  • python-setuptools
  • zope.interface
  • zope.component
  • six
  • pytz
  • pyrfc3339
  • PyOpenSSL
  • python-parsedatetime
  • parsedatetime
  • mock
  • configobj
  • ConfigArgParse
  • requests
  • psutil
  • pycparser
  • ipaddress
  • enum34
  • idna
  • cffi
  • pyasn1
  • cryptography
  • ndg_httpsclient
  • python2-pythondialog
  • python-augeas

Now, running this command will get a certificate.

certbot certonly -a webroot --webroot-path=/usr/share/nginx/html -d mydomain.cl

After obtaining the cert, you will have the following PEM-encoded files:

  • cert1.pem: Your domain’s certificate
  • chain1.pem: The Let’s Encrypt chain certificate
  • fullchain1.pem: cert.pem and chain.pem combined
  • privkey1.pem: Your certificate’s private key

You can check that the files exist by running the command:

  ls -l /etc/letsencrypt/live/mydomain.cl

Within nginx.conf, we just need to set:

  • ssl_certificate: path to our certificate file
  • ssl_certificate_key: path to the associated private key

The nginx.conf should look like this:

# HTTPS server
#
server {
    listen       443 ssl;
    server_name  mydomain.cl;

    # fullchain.pem (certificate + chain) so that nginx also sends the intermediate
    ssl_certificate      /etc/letsencrypt/live/mydomain.cl/fullchain.pem;
    ssl_certificate_key  /etc/letsencrypt/live/mydomain.cl/privkey.pem;

    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;

    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;

    location / {
        root   /var/www/nginx/public;
        index  index.html index.htm;
    }

    ...
}
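
A pre-reload check for the two directives above, as an added example that is not part of the original post. nginx sends clients only the certificates contained in the file that ssl_certificate names, so the script warns when that file holds a single certificate instead of the certificate plus the Let’s Encrypt chain, and fails when the private key is readable by group or others. The function names are hypothetical, and it assumes one ssl_certificate / ssl_certificate_key pair per file (only the first is read).

```sh
#!/bin/sh
# Added example: sanity-check nginx TLS directives before reloading.
# Reads the first ssl_certificate / ssl_certificate_key pair in the file.

# Print the value of a directive (first occurrence, trailing ';' removed).
directive_value() {  # $1 = config file, $2 = directive name
    awk -v d="$2" '$1 == d { sub(/;$/, "", $2); print $2; exit }' "$1"
}

# Count the PEM certificate blocks in a file.
count_certs() {
    grep -c -e '-----BEGIN CERTIFICATE-----' "$1" || true
}

# Succeed when group or others can read the file (-L follows the
# symlinks certbot keeps under live/).
key_is_exposed() {
    [ -n "$(find -L "$1" \( -perm -040 -o -perm -004 \) 2>/dev/null)" ]
}

# Print findings for one config file; the return status is their count.
check_nginx_tls() {
    conf=$1
    problems=0
    cert=$(directive_value "$conf" ssl_certificate)
    key=$(directive_value "$conf" ssl_certificate_key)
    if [ -z "$cert" ] || [ ! -r "$cert" ]; then
        echo "FAIL ssl_certificate unset or unreadable: ${cert:-unset}"
        problems=$((problems + 1))
    elif [ "$(count_certs "$cert")" -lt 2 ]; then
        echo "WARN $cert has no intermediate; point ssl_certificate at fullchain.pem"
        problems=$((problems + 1))
    fi
    if [ -z "$key" ] || [ ! -e "$key" ]; then
        echo "FAIL ssl_certificate_key unset or missing: ${key:-unset}"
        problems=$((problems + 1))
    elif key_is_exposed "$key"; then
        echo "FAIL $key is readable by group or others"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Run against a config file when one is given on the command line.
if [ "$#" -gt 0 ]; then check_nginx_tls "$1"; fi
```

Run it as root with the path to nginx.conf as the only argument; an exit status of 0 means neither check found a problem.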

Reference: Certificats SSL/TLS avec Certbot sous Slackware


Jose Bovet Derpich

Software Engineer