Am Encrypted!

Let’s Encrypt is in public beta since last night.

And hence the lock icon in the location bar says

My Certificate
My Certificate

Although Let’s Encrypt guys are not shipping auto-install plugin for nginx in this beta, the whole process is smooth.

Here are the steps that I followed:

  • Get the certificates
./letsencrypt-auto certonly
  • Make sym links
sudo ln -s
/etc/letsencrypt/live/www.kaushikc.org/fullchain.pem
/etc/nginx/ssl/fullchain.pem

sudo ln -s /etc/letsencrypt/live/www.kaushikc.org/privkey.pem /etc/nginx/ssl/privkey.pem
  • Configure SSL in nginx site config
server {
    listen 443 ssl;
    server_name kaushikc.org www.kaushikc.org;
    add_header Strict-Transport-Security "max-age=31536000";
    ssl_certificate /etc/nginx/ssl/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/privkey.pem;
  • Redirect all http to https
server {
       listen         80;
       server_name    kaushikc.org www.kaushikc.org;
       return         301 https://$server_name$request_uri;
}
  • Reload nginx
sudo service nginx reload

Update