Let’s Encrypt with EasyEngine

UPDATE: If you are using EasyEngine v3.4+ then you can configure letsencrypt certificate with one command. Please check the Let’s Encrypt Command.

First make sure that your site is live and running on same server on which you are running Let’s Encrypt Client to allow it to verify the site automatically.

First allow .well-known directory to be reachable in EasyEngine.

vim /etc/nginx/common/locations.conf

and add the following code immediately after the # Deny hidden files lines.

# Deny hidden files
location ~ /\.well-known {
  allow all;
}

After this step, reload Nginx configuration.

nginx -t && service nginx reload

Now download Let’s Encrypt Client.

git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt

Now request for SSL from Let’s Encrypt.

./letsencrypt-auto certonly --webroot -w /var/www/example.com/htdocs/ -d example.com -d www.example.com --email admin@exmaple.com --text --agree-tos

After successful verification you will receive following message.

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/example.com/fullchain.pem. Your cert will
   expire on 2016-03-03. To obtain a new version of the certificate in
   the future, simply run Let's Encrypt again.
 - If like Let's Encrypt, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Once you receive SSL from Let’s Encrypt, configure the SSL with your site.

vi /var/www/example.com/conf/nginx/ssl.conf 

and add following Nginx Config into it:

    listen 443 ssl http2;
    ssl on;
    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key     /etc/letsencrypt/live/example.com/privkey.pem;

At the end, you need to reload Nginx:

nginx -t && service nginx reload

If you want HTTP to HTTPS redirection then:

vim /etc/nginx/conf.d/force-ssl.conf 

and add following Nginx config into it:

server {
    listen 80;
    server_name www.example.com example.com;
    return 301 https://example.com$request_uri;
}

At the end, you need to reload Nginx

nginx -t && service nginx reload