Let's Encrypt scripts

Nginx installation instructions
Login

Nginx installation instructions

Concatenate the domain certificate and the intermediate certificate into the same text file called "chained.pem":

cat YOUR-DOMAIN.crt YOUR-DOMAIN-issuer.crt > chained.pem

If not done already, generate non-default dhparams.

openssl dhparam -out dhparam.pem 4096

Copy "chained.pem" and "dhparam.pem" to /etc/ssl/certs/.

scp chained.pem root@foo.com:/etc/ssl/certs/chained.pem
scp dhparam.pem root@foo.com:/etc/ssl/certs/dhparam.pem

Copy "YOUR-DOMAIN.key" /etc/ssl/private/.

scp YOUR-DOMAIN.key root@foo.com:/etc/ssl/private/YOUR-DOMAIN.key

Update your webserver config to use https (examples below).

server {
    listen 443;
    server_name foo.com;
    ssl on;
    ssl_certificate /etc/ssl/certs/chained.pem;
    ssl_certificate_key /etc/ssl/private/YOUR-DOMAIN.key;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA;
    ssl_session_cache shared:SSL:50m;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_prefer_server_ciphers on;

    location / {
        return 200 'Hello world!';
        add_header Content-Type text/plain;
    }
}