Install acme.sh

1
2
3
curl  https://get.acme.sh | sh

vim ~/.bashrc
1
2
#add in to file
alias acme.sh=~/.acme.sh/acme.sh

Reload enviroment

1
2
source ~/.bashrc
acme.sh --set-default-ca --server letsencrypt

Request in Nginx mode

1
2
3
4
5
#request cert
acme.sh --issue --nginx -d YOURSITE.co

#install cert
acme.sh --installcert -d YOURSITE.co --key-file /etc/nginx/YOURSITE_CERT.pem --fullchain-file /etc/cert/YOURSITE_KEY.pem --reloadcmd "nginx -s reload"

Config nginx

1
vim /etc/nginx/sites-available/YOURSITE.co

Config

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
#Redirect http to https
server {
listen 80 default_server;
server_name YOURSITE.co;
return 301 https://$server_name$request_uri;
}

server {
listen 443 default_server;
server_name YOURSITE.co;

location / {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:port;

proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}

#Path of cert and key stored previously
ssl_certificate /etc/nginx/YOURSITE_CERT.pem;
ssl_certificate_key /etc/cert/YOURSITE_KEY.pem;
}

Reload Nginx

 nginx -t
 nginx -s reload