Setting up LetsEncrypt on a CentOS 7 NginX proxy
-
Here is my /etc/nginx/conf.d/jaredbusch.com.conf in whole for reference.

    server {
        client_max_body_size 40M;
        listen 443 ssl;
        server_name www.jaredbusch.com jaredbusch.com;
        ssl on;
        ssl_certificate /etc/letsencrypt/live/jaredbusch.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/jaredbusch.com/privkey.pem;
        ssl_stapling on;
        ssl_stapling_verify on;
        add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
        location / {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_set_header X-NginX-Proxy true;
            proxy_pass https://10.254.0.101:443;
            proxy_redirect off;
        }
    }
    server {
        client_max_body_size 40M;
        listen 80;
        server_name www.jaredbusch.com jaredbusch.com;
        location / {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_set_header X-NginX-Proxy true;
            proxy_pass http://10.254.0.101:80;
            proxy_redirect off;
        }
    }
-
Now, I just need to get these certificates shipped off to the server behind. Why? Because while I know I do not have to encrypt after the proxy, I still want it all 100% encrypted.
-
Are you still renewing by hand?
-
Any updates to this?
-
@aaronstuder said in Setting up LetsEncrypt on a CentOS 7 NginX proxy:
Are you still renewing by hand?
I am at least.
-
I'm using cron with the old letsencrypt script. I haven't migrated over to certbot yet.
-
@dafyre said in Setting up LetsEncrypt on a CentOS 7 NginX proxy:
I'm using cron with the old letsencrypt script. I haven't migrated over to certbot yet.
Same.
-
@aaronstuder said in Setting up LetsEncrypt on a CentOS 7 NginX proxy:
Any updates to this?
Use Certbot, never this method. Keep your life simpler.
-
@JaredBusch said in Setting up LetsEncrypt on a CentOS 7 NginX proxy:
@aaronstuder said in Setting up LetsEncrypt on a CentOS 7 NginX proxy:
Any updates to this?
Use Certbot, never this method. Keep your life simpler.
Yeah. If the old way is working, that should keep working. However, certbot is easier to use.
-
@travisdh1 said in Setting up LetsEncrypt on a CentOS 7 NginX proxy:
@JaredBusch said in Setting up LetsEncrypt on a CentOS 7 NginX proxy:
@aaronstuder said in Setting up LetsEncrypt on a CentOS 7 NginX proxy:
Any updates to this?
Use Certbot, never this method. Keep your life simpler.
Yeah. If the old way is working, that should keep working. However, certbot is easier to use.
When my system came up for renewal after certbot was out, I installed certbot and renewed that way. Everything is in the same place. Nothing had to be changed in the config files.
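-
An added example, not posted by anyone in this thread: one way to get a renewed certificate "shipped off to the server behind" automatically is a certbot deploy hook on the proxy. The SSH user `certsync`, the destination directory, and the backend running nginx under systemd are assumptions; the backend IP comes from the `proxy_pass` line in the config above.

```shell
#!/bin/sh
# Certbot deploy hook (added example): push a renewed certificate from the
# proxy to the backend so the proxy_pass https:// hop keeps a current cert.
# Assumed, not from the thread: SSH user "certsync", DEST_DIR, and that the
# backend also runs nginx under systemd.
BACKEND="${BACKEND:-certsync@10.254.0.101}"   # IP taken from proxy_pass
DEST_DIR="${DEST_DIR:-/etc/nginx/ssl/jaredbusch.com}"

# stage_lineage LINEAGE STAGE: copy the pair out of live/<name>/, following
# the symlinks into archive/, with the private key readable by owner only.
stage_lineage() (
    lineage="$1"; stage="$2"
    for f in fullchain.pem privkey.pem; do
        [ -s "$lineage/$f" ] || { echo "missing $lineage/$f" >&2; exit 1; }
    done
    umask 077
    mkdir -p "$stage" || exit 1
    cp -L "$lineage/fullchain.pem" "$lineage/privkey.pem" "$stage/" || exit 1
    chmod 644 "$stage/fullchain.pem" && chmod 600 "$stage/privkey.pem"
)

# key_matches_cert DIR: refuse to ship a key that does not belong to the
# leaf certificate (compares the two public keys).
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1/fullchain.pem" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$1/privkey.pem" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# ship DIR: copy to the backend, then reload only if its config still parses.
ship() {
    scp -p "$1/fullchain.pem" "$1/privkey.pem" "$BACKEND:$DEST_DIR/" &&
        ssh "$BACKEND" 'nginx -t && systemctl reload nginx'
}

# Certbot sets RENEWED_LINEAGE when it runs a deploy hook; without it
# (for example when the file is sourced) nothing below executes.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    stage=$(mktemp -d) || exit 1
    trap 'rm -rf "$stage"' EXIT
    stage_lineage "$RENEWED_LINEAGE" "$stage" &&
        key_matches_cert "$stage" &&
        ship "$stage" || { echo "cert deploy to $BACKEND failed" >&2; exit 1; }
fi
```

Saved as an executable file under /etc/letsencrypt/renewal-hooks/deploy/, or passed to `certbot renew --deploy-hook`, it runs only after a certificate has actually been renewed.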