LetsEncrypt on Nginx

To generate a valid SSL certificate via LetsEncrypt that could be used by Nginx to host this (Ghost) blog, I ran:

```sh
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
sudo service nginx stop
./letsencrypt-auto certonly --standalone --email steve@tryingtobeawesome.com -d tryingtobeawesome.com -d www.tryingtobeawesome.com
sudo service nginx start
```

(I had to stop Nginx because letsencrypt-auto momentarily starts a webserver on port 80 to do its thang.)

I then modified my Nginx config to use SSL (and redirect non-HTTPS URLs to HTTPS-encrypted ones) using the config file below, then restarted nginx with sudo service nginx restart.

Here’s the contents of /etc/nginx/sites-available/ghost on this server:

```nginx
# Plain HTTP: redirect every request to the HTTPS site.
server {
    listen 80;
    server_name  tryingtobeawesome.com;
    return       301 https://tryingtobeawesome.com$request_uri;
}

# HTTPS: terminate TLS here and proxy to Ghost on localhost.
server {
    listen 443 ssl;
    server_name  tryingtobeawesome.com;

    ssl_certificate     /etc/letsencrypt/live/tryingtobeawesome.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/tryingtobeawesome.com/privkey.pem;
    # TLSv1 and TLSv1.1 have since been deprecated (RFC 8996).
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers         HIGH:!aNULL:!MD5;

    access_log   /var/log/nginx/ghost.log;
    error_log    /var/log/nginx/ghost_error.log;

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header HOST $http_host;
        proxy_set_header X-NginX-Proxy true;

        proxy_pass http://127.0.0.1:2368;
        proxy_redirect off;
    }
}
```

Eventually this process will be automated by letsencrypt-auto, but until there’s mature Nginx support, here you go!
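
The manual steps above, wrapped so they run only when the certificate is within 30 days of expiry and so Nginx is started again even if the certificate request fails. This is an added example, not part of the original post; the clone location, the 30-day window and the `DRY_RUN` switch are assumptions.

```sh
#!/bin/sh
# Added example: renew only when the certificate is close to expiry,
# using the same standalone procedure as the post.
DOMAIN="tryingtobeawesome.com"
EMAIL="steve@tryingtobeawesome.com"
CERT="/etc/letsencrypt/live/$DOMAIN/fullchain.pem"
LE_DIR="${LE_DIR:-$HOME/letsencrypt}"     # assumed clone location
RENEW_WINDOW=$((30 * 24 * 3600))          # assumed: renew when < 30 days remain
DRY_RUN="${DRY_RUN:-1}"                   # assumed switch: 1 = only print commands

# Run a command, or just print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "would run: $*"
    else
        "$@"
    fi
}

# True (exit 0) if the certificate in $1 expires within $2 seconds,
# or cannot be read at all (for example, it was never issued).
cert_expires_within() {
    ! openssl x509 -checkend "$2" -noout -in "$1" >/dev/null 2>&1
}

# Stop nginx, request the certificate, and always start nginx again,
# even if the request fails. Returns the client's exit status.
renew_standalone() {
    run sudo service nginx stop || return 1
    status=0
    ( run cd "$LE_DIR" &&
      run ./letsencrypt-auto certonly --standalone --email "$EMAIL" \
          -d "$DOMAIN" -d "www.$DOMAIN" ) || status=$?
    run sudo service nginx start || status=1
    return "$status"
}

main() {
    if cert_expires_within "$CERT" "$RENEW_WINDOW"; then
        renew_standalone
    else
        echo "certificate valid for more than 30 days; nothing to do"
    fi
}

main
```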