I will occasionally write posts on medium, check out the latest one.
How to convert a Binary IP to an IP address
Page 3 of 25
Note: This is primarily for me to remember doing these steps, If it benefits someone else then great =).
In this example I will be listing out the steps to install SSL on https://crowdslike.com
Step 1
We will need to SSH into our machine. In our case its an EC2 instance.
ssh -i your.pem ec2-user@domain.com
Step 2
Installing Certbot. Head over to their documentation to get the instructions. They may vary depending on your machines operating system. We will be installing certbot-auto.
Step 3
We will need to stop our server. In our case we are running NGINX.
service nginx stop
Step 4
Here we will run the certbot command to generate our new certificate. The command will ask you a few questions along the way.
./certbot-auto certonly --standalone -d domain.com --no-bootstrap
If you see the congratulations message then you have made it. Now we will need to copy these two lines for later usage.
/etc/letsencrypt/live/<domain_name>/fullchain.pem /etc/letsencrypt/live/<domain_name>/privkey.pem
Step 5
Now, we will update our NGINX config and add SSL support. Below is a simple config setup.
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name _;
ssl on;
ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
add_header Strict-Transport-Security “max-age=31536000”;
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /var/www/html$fastcgi_script_name;
include fastcgi_params;
}
}
We need to restart our NGINX sever.
service nginx start
Step 6
Let’s setup auto-renewal of our certificate. Certbot certificates last 30 days. The cron will run every night at 1 am.
Create a file: /home/certbot-renew.sh Add lines: #!/bin/bash sudo service nginx reload Make it executable: chmod +x /home/certbot-renew.sh Edit cron: sudo crontab -e Add line 0 1 * * * ./certbot-auto renew --noninteractive --renew-hook /home/certbot-renew.sh
To check that the cronjob was saved, you can run the command below.
crontab -l
I will occasionally write posts on medium, check out the latest one.
AWS CodeDeploy Multiple Environments Shell Scripts
© 2020 Aldomatic
Theme by Anders Noren — Up ↑
