Posts tagged 'let's encrypt'

Using acme.sh with nginx

10 Aug 2016

acme.sh is a script utility for the ACME spec used by Let's Encrypt. It is pretty simple and has no requirements, so I wanted to try using that in the server to issue and renew certificates rather than doing the process in my local machine and then copying the required files. It supports several modes for issuing the certificates, such as the Apache mode which I have used before, although there is no specific mode for nginx, so it is not possible to have completely automatic configuration if you use that server.

After installation we are now able to issue certificates, but there is a single problem: how should the challenge be solved? While it would be possible to stop nginx and have a local web server run on port 80, this might not be a good practice for production server. In my case, I cannot use another port (say, port 88) because that would require modifying some firewall rules, and that's kind of a bummer :)

So what are we going to do? Simple: use the webroot method and configure nginx to serve the challenges so that applications don't actually care about the challenge endpoint.

Tags: server let's encrypt https web nginx ssl acme secure

Let's Encrypt public beta

06 Dec 2015

Now that Let's Encrypt is in public beta, I thought I'd revisit my previous post with some additional details.

Tags: ssl security let's encrypt certificate nginx

Using Let's Encrypt certificates

22 Oct 2015

Now that Let's Encrypt is a trusted certificate authority in major browsers and that I got access to the beta program, I decided to take it for a spin in my server with nginx (and uWSGI).

Tags: ssl security let's encrypt certificate nginx