SSL

Crossed-signed chain

cat example.com.crt GandiStandardSSLCA2.pem USERTrustRSAAddTrustCA.crt > example.com.sha2crossed.crt

Let’s Encrypt

$ sudo apt-get install certbot -t jessie-backports
$ certbot certonly -w /var/www/example.com -d example.com --config-dir ~/letsencrypt/etc --work-dir ~/letsencrypt/lib --logs-dir ~/letsencrypt/log
$ cat /etc/nginx/sites-available/example.com | grep ssl         ssl_certificate ~/letsencrypt/etc/live/example.com/fullchain.pem;         ssl_certificate_key ~/letsencrypt/etc/live/example.com/privkey.pem;
$ certbot renew --dry-run --config-dir ~/letsencrypt/etc --work-dir ~/letsencrypt/lib --logs-dir ~/letsencrypt/log

Ref:

https://letsencrypt.org/getting-started/
https://certbot.eff.org

Leave a Reply