Using Let’s Encrypt SSL certificate with an Nginx stack

2.69K views
0
0 Comments

Free SSL certificates are now available to the public through letsencrypt.org. Do they work with Nginx and LEMP stacks?

0

Yes, certificates generated through Let’s Encrypt are perfectly valid work just fine with Nginx. However, for the time being I’d suggest installing certificates you create manually as the Nginx plugin for the client is still flagged as experimental and not included in letsencrypt-auto.

The last time I used the Nginx plugin to update my server bock configurations, it jumbled up my configuration making it unusable. Until the community sorts out how they want to support Nginx, I’d say use the client to generate your certificates and then just update your Nginx configuration yourself.

git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
./letsencrypt-auto certonly --standalone --email you@example.com -d example.com -d www.example.com

This should create your certificates in /etc/letsencrypt/live/example.com.

Here are the lines from one of my Nginx SSL configurations where I referenced the files generated by Let’s Encrypt. Some sites suggest using different chains, but I believe this is actually the proper way. It gets me an A+ on the Qualsys SSL server test.

ssl_certificate /etc/letsencrypt/live/rudeotter.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/rudeotter.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/rudeotter.com/chain.pem;