create free ssl / https with nginx and yii2 using letsencrypt

sintret July 2016
sintret
no comment Tags : Yii Nginx

 

Update your sources.list apt, in my case. I using debian 8 with nginx and yii2 is my php framework.

add this source code like this following below if you are using Jessie :

Using your console, update your repository like below : 

nano /etc/apt/sources.list

add this line in your sources.list file
#debian backport
deb http://ftp.us.debian.org/debian jessie-backports main

please see the image below, i make clearly it for you.

 

apt-get update

 

Letsencrypt provides generating SSL with .pem key using certbot, this tool so easy to make your server more secure. the full documentation at https://certbot.eff.org/#debianjessie-nginx, many linux distros have been provided.

To install certbot you need page with can be access for certbot and this mean you have provide path for that. For the example i using yii2 and commonly in yii2  have 2 common type basic and advance mode.

For basic /web 

For advanced /frontend/web

You can see my example certbot code with webroot like this following code, dont wory i will explain then :

certbot certonly --webroot -w /var/www/html/sintret.com/www/frontend/web -d www.sintret.com -d sintret.com

 

 you can see my webroot with absolute url and then i added -d option for server name. and this is the result,

 

 

 

Congratulations! you have done with your secure web, copy the path .pem key, this will add in nginx server block. Please remember my friends, this certificate will expired in 3 months but don't worry in this tutorial we will create cron job to renew our certificates.

ok, go to your nginx configuration then we need to redirect http to https like this following example code below.

 

# Default server configuration
#
server {
 listen 80; ## listen for ipv4; this line is default and implied
 server_name sintret.com www.sintret.com;
 return 301 https://sintret.com$request_uri;
}
 

and in other server block like this following

server {
 listen 80 default_server;
 listen [::]:80 default_server;
 # SSL configuration
 #
 listen 443 ssl default_server;
 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 ssl_certificate /etc/letsencrypt/live/www.sintret.com/fullchain.pem;
 ssl_certificate_key /etc/letsencrypt/live/www.sintret.com/privkey.pem;
 .............
}

 

 Restart your nginx 

service nginx restart

 

 now you can try access your web and you will see https there.

now we need to renew our certificates using command like this :

certbot renew --dry-run

or

for automatic renewal by adding a cron

certbot renew --quiet

 

Create cron job, i will create letsencrypt filename

 

touch letsencrypt
nano letsencrypt

 

=================================

 #!/bin/bash
certbot renew --quiet

=================================

 after you create a file then you can move the file to /etc/cron.daily directory, with this command console :

mv letsencrypt /etc/cron.daily

 

in this case i want to renew my certificates daily.

 

last steps 

 

chown root /etc/cron.daily/letsencrypt
chmod 744 /etc/cron.daily/letsencrypt

 

done and cheers

 

Leave a Comment:

digital_ocean