Free SSL certificates are now available to the public through letsencrypt.org. Do they work with Nginx and LEMP stacks?
Yes, certificates generated through Let’s Encrypt are perfectly valid work just fine with Nginx. However, for the time being I’d suggest installing certificates you create manually as the Nginx plugin for the client is still flagged as experimental and not included in letsencrypt-auto.
The last time I used the Nginx plugin to update my server bock configurations, it jumbled up my configuration making it unusable. Until the community sorts out how they want to support Nginx, I’d say use the client to generate your certificates and then just update your Nginx configuration yourself.
git clone https://github.com/letsencrypt/letsencrypt cd letsencrypt ./letsencrypt-auto certonly --standalone --email firstname.lastname@example.org -d example.com -d www.example.com
This should create your certificates in
Here are the lines from one of my Nginx SSL configurations where I referenced the files generated by Let’s Encrypt. Some sites suggest using different chains, but I believe this is actually the proper way. It gets me an A+ on the Qualsys SSL server test.
ssl_certificate /etc/letsencrypt/live/rudeotter.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/rudeotter.com/privkey.pem; ssl_trusted_certificate /etc/letsencrypt/live/rudeotter.com/chain.pem;