Securing Nginx with Let’s Encrypt on Ubuntu 16.04

First we need to install certbot utility:

apt-get install software-properties-common
add-apt-repository ppa:certbot/certbot
apt-get update
apt-get install python-certbot-nginx

After that, we can easily generate SSL certificates for all the domains listed in Nginx ‘server_name’ attributes in alive (working) virtual hosts. The examples are:

certbot --nginx certonly -d slogpost.ru -d www.slogpost.ru
certbot --nginx certonly -d psiholog-s-vami.ru -d www.psiholog-s-vami.ru
certbot certonly --nginx --cert-name sharlines.com -d sharlines.com -d www.sharlines.com
certbot certonly --nginx --cert-name developernote.com -d developernote.com -d www.developernote.com -d comprice.developernote.com -d herb.developernote.com -d mastermag.developernote.com -d pechat.developernote.com -d geographx.developernote.com -d geographx.net -d www.geographx.net -d xn--80aajg7ac1agj.xn--p1ai -d www.xn--80aajg7ac1agj.xn--p1ai -d xn--80acc2atiigge7h.xn--p1ai -d www.xn--80acc2atiigge7h.xn--p1ai -d xn--80ajbrkbljkdjhf7k4a.xn--p1ai -d www.xn--80ajbrkbljkdjhf7k4a.xn--p1ai -d doc.developernote.com -d git.developernote.com -d gitweb.developernote.com -d pechatat.spb.ru -d www.pechatat.spb.ru
certbot --nginx certonly -d milomag.ru,www.milomag.ru,xn--80agwdbl3g.xn--p1ai,www.xn--80agwdbl3g.xn--p1ai

We cannot use wildcard domains line *.developernote.com with Let’s Encrypt, so we should list all the subdomains. And I do not see anything wrong in combining multiple domains in a single certificate.

To remove the certificate we do something like this:

certbot revoke --cert-path /etc/letsencrypt/live/git.developernote.com/fullchain.pem
certbot delete --cert-name git.developernote.com

Updating all the generated certificates:

certbot renew

After changing the website URL from HTTP to HTTPS, probably it makes a sense to update all the hyperlinks in MySQL database:

show tables;
show columns from wp_posts;
SELECT ID, post_title, post_date, post_name FROM wp_posts WHERE INSTR(post_content, 'http://slogpost.ru') > 0;
UPDATE wp_posts SET post_content=REPLACE(post_content, 'http://slogpost.ru', 'https://slogpost.ru') WHERE INSTR(post_content, 'http://slogpost.ru') > 0;
UPDATE wp_posts SET post_content=REPLACE(post_content, 'http://developernote.com', 'https://developernote.com') WHERE INSTR(post_content, 'http://developernote.com') > 0;

Leave a Reply

Your email address will not be published. Required fields are marked *