Detailed instructions for installing Let's Encrypt SSL certificate on a server with CMS Bitrix and Nginx
This instruction, first of all, should be interesting for beginners.
If you have all the settings set by default, you can look at the paths that I brought. That is, if you are using a system installed using the Bitrix environment script on the CentOS 6.X operating system. If not, you yourself know where what lies.
Installation
The first thing to do is install git :
# yum install git
Next, go to the / tmp directory :
# cd /tmp
Using git, download Let's Encrypt files. The script itself is now called certbot :
# git clone https://github.com/certbot/certbot
Go to the downloaded directory:
# cd certbot
Just in case, we give execute rights to the script file:
# chmod a+x ./certbot-auto
Obtaining a Certificate
The following is a command to directly obtain a certificate:
# ./certbot-auto certonly --webroot --agree-tos --email [email protected] -w /home/bitrix/www/ -d my-domain.ru -d www.my-domain.ru
--webroot - since the automatic installation for nginx is not yet reliable, use this key;
--agree-tos - we agree with the license agreement;
--email [email protected] - indicate your e-mail. In the future, it may come in handy to restore your account;
-w / home / bitrix / www - specify the root directory of the site;
-d my-domain.ru is our domain. You can also specify subdomains, for example -d site.my-domain.ru .
After that, the script will start working and offer to install the missing packages. We agree and wait.
If everything succeeds, you will see a message: Certificates are installed, it remains only to indicate to nginx where they are located.
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/my-domain.ru/fullchain.pem. Your
cert will expire on 2016-08-21. To obtain a new version of the
certificate in the future, simply run Certbot again.
- If you lose your account credentials, you can recover through
e-mails sent to [email protected].
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
Customization
Open the ssl.conf configuration file :
# vim /etc/nginx/bx/conf/ssl.conf
If you have already installed the certificates, delete or comment on the lines with them and insert new ones: Do not forget to enable ssl if this has not been done before: After that, restart nginx:
ssl_certificate /etc/letsencrypt/live/my-domain.ru/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/my-domain.ru/privkey.pem;
ssl on;
keepalive_timeout 70;
keepalive_requests 150;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
# service nginx reload
If he did not give any errors, then everything is in order. You can go to the site and see what happened.
Update
The certificate is issued for 90 days , so after this period it will be necessary to renew it. This is done by the command:
# certbot-auto renew
It can also be put in cron .
That's all. To compile the instruction, I used the article Yet another instruction on obtaining the Let's Encrypt ssl certificate and the official guide .