How to install the Let's Encrypt Nginx plugin and DigitalOcean plugin on Ubuntu 18.04

🎃 Install certbot client

tuenhai@ubuntu18.04:~$ sudo apt update
$ sudo apt install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt update
$ sudo apt install python-certbot-nginx

🗻 Install DigitalOcean plugin on Ubuntu 18.04

tuenhai@ubuntu:~$ sudo apt install python3-pip
$ sudo pip3 install certbot-dns-digitalocean
$ certbot plugins

🎂 Create token on DigitalOcean

Create a token with write access on digitalocean.com, then save it to a credentials file that only your user can read, replacing token with the actual value:

tuenhai@ubuntu:~$ mkdir -p ~/.secrets/certbot
$ echo 'dns_digitalocean_token=token' > ~/.secrets/certbot/digitalocean.ini
$ chmod 600 ~/.secrets/certbot/digitalocean.ini
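
A way to verify the credentials file created above before handing it to certbot, as an added example that is not part of the original page. It assumes GNU stat as shipped on Ubuntu; `audit_do_credentials` is a hypothetical helper name, and the checks (owner, mode, parent directory, a single non-placeholder token line) are this example's own policy.

```bash
#!/usr/bin/env bash
# Added example, not from the original page. Assumes GNU stat (Ubuntu).
# audit_do_credentials is a hypothetical helper name.
audit_do_credentials() {
    local file="$1" dir owner mode dmode count value rc=0

    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "FAIL: $file is missing, a symlink, or not a regular file"
        return 1
    fi
    dir=$(dirname -- "$file")

    # The file must belong to the invoking user or to root.
    owner=$(stat -c '%u' -- "$file")
    if [ "$owner" != "$(id -u)" ] && [ "$owner" != 0 ]; then
        echo "FAIL: $file is owned by uid $owner"; rc=1
    fi

    # Octal mode must end in 00: no group or other access to the token.
    mode=$(stat -c '%a' -- "$file")
    case "$mode" in
        0|*00) ;;
        *) echo "FAIL: $file has mode $mode, expected 600 or stricter"; rc=1 ;;
    esac

    # Parent directory: group/other digits without the write bit (0,1,4,5),
    # otherwise another account could replace the file.
    dmode=$(stat -c '%a' -- "$dir")
    case "$dmode" in
        [0145]|*[0145][0145]) ;;
        *) echo "FAIL: $dir has mode $dmode, writable by group/other"; rc=1 ;;
    esac

    # Exactly one token line, and not the tutorial's placeholder value.
    count=$(grep -c '^[[:space:]]*dns_digitalocean_token[[:space:]]*=' < "$file" || true)
    value=$(sed -n 's/^[[:space:]]*dns_digitalocean_token[[:space:]]*=[[:space:]]*//p' \
        < "$file" | sed 's/[[:space:]]*$//' | head -n 1)
    if [ "$count" -ne 1 ] || [ -z "$value" ] || [ "$value" = "token" ]; then
        echo "FAIL: expected one dns_digitalocean_token line with a real value"; rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $file"
    return "$rc"
}

# Run against a path given on the command line, if any.
[ "$#" -eq 0 ] || audit_do_credentials "$1"
```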

🐞 Check nginx site configuration

$ sudo vi /etc/nginx/sites-available/tuenhai.com

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name tuenhai.com www.tuenhai.com;

    add_header Strict-Transport-Security max-age=31536000;

    access_log /home/tuenhai.com/logs/tuenhai_access.log;
    error_log /home/tuenhai.com/logs/tuenhai_error.log;

    root /home/tuenhai.com/public;
    index index.html index.htm;
}

server {
    listen 80;
    listen [::]:80;
    server_name tuenhai.com www.tuenhai.com;
}

🍮 Run the certbot command to set up SSL automatically

tuenhai@ubuntu:~$ sudo certbot --dns-digitalocean --dns-digitalocean-credentials ~/.secrets/certbot/digitalocean.ini --dns-digitalocean-propagation-seconds 60 -i nginx -d "*.tuenhai.com" -d tuenhai.com --server https://acme-v02.api.letsencrypt.org/directory

👽 Check SSL configuration

$ sudo vi /etc/nginx/sites-available/tuenhai.com

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name tuenhai.com www.tuenhai.com;

    add_header Strict-Transport-Security max-age=31536000;

    access_log /home/tuenhai.com/logs/tuenhai_access.log;
    error_log /home/tuenhai.com/logs/tuenhai_error.log;

    root /home/tuenhai.com/public;
    index index.html index.htm;

    ssl_certificate /etc/letsencrypt/live/tuenhai.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/tuenhai.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    if ($host = tuenhai.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    if ($host ~ ^[^.]+\.tuenhai\.com$) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    listen [::]:80;
    server_name tuenhai.com www.tuenhai.com;
}

🐡 SSL_ERROR_RX_RECORD_TOO_LONG

Check the SSL settings. They should be:

    # no 'ssl on'
    listen 443 ssl;
    listen [::]:443 ssl;

🚌 Test SSL renewal

tuenhai@ubuntu:~$ sudo certbot renew --dry-run
