docs
  • Overview
  • 🐍 PYTHON
    • Type Hints
    • PEP8 Style Guide for Python Code
    • 🏡Pipenv
    • Pathlib
  • 🕸Django
    • 🗄models
      • 🎯Best Practices
      • 🚦Django Signals
    • ⚙️ settings
    • DRF
      • Serializer
      • Authentication
      • Permissions
      • Viewsets
    • Testing
      • Faker and Factory Boy
    • 🧪Test Coverage
    • 💦Python-Decouple
    • Django Tips:
    • 💾Django ORM Queryset
    • Custom Exceptions
    • Celery
    • Resources
  • Deploy
    • 🚀Django Deployment
    • 🔒Setup SSL Certificate
  • 💾Database
    • MongoDB
  • 🛠️DevOps
    • 🖥Scripting
      • A First Script
      • Loops
      • Test
      • Variables
      • External programs
      • Functions
    • Command Line Shortcuts
    • Basic Linux Commands
    • 🎛Microservices
    • 🐳Docker
      • Docker Commands
      • Docker Compose
      • Django project
    • Kubernates
  • 📝Software IDE
    • EditorConfig
    • Linters
    • VsCode
Powered by GitBook
On this page
  • STEP 1: Log in as a root to the server.
  • STEP 2: Clone dehydrated Github repo inside /opt/
  • STEP 3: Create dehydrated directory inside /etc/
  • STEP 4: Copy config file into /etc/dehydrated/ from docs/examples
  • STEP 5: Create .well-known/acme-challenge directory in /var/www/html
  • STEP 6: Change the config file as follows
  • STEP 7: Create domains.txt inside /etc/dehydrated/
  • STEP 8: Update nginx.conf file with .well-known location
  • STEP 9: Restart nginx
  • STEP 10: Run Register and Accept terms then Run dehydrated
  • STEP 11: Configure server in nginx.conf
  • STEP 12: Restart Nginx Server again
  • STEP 13: To Renew Certificates setup a weekly cron job

Was this helpful?

  1. Deploy

🔒Setup SSL Certificate

SSL Certificate setup in linux server

We are going to use dehydrated opensource tools for signing certificates.

STEP 1: Log in as a root to the server.

ssh root@ip_address

STEP 2: Clone dehydrated Github repo inside /opt/

cd /opt/ && git clone https://github.com/dehydrated-io/dehydrated

STEP 3: Create dehydrated directory inside /etc/

cd /etc/ && mkdir dehydrated

STEP 4: Copy config file into /etc/dehydrated/ from docs/examples

cd /dehydrated/ && cp /opt/dehydrated/docs/examples/config .

STEP 5: Create .well-known/acme-challenge directory in /var/www/html

mkdir -p /var/www/html/.well-known/acme-challenge

STEP 6: Change the config file as follows

BASEDIR=/etc/dehydrated

WELLKNOWN="/var/www/html/.well-known/acme-challenge"

CONTACT_EMAIL=youremail@domain.com

STEP 7: Create domains.txt inside /etc/dehydrated/ 

echo "yourdomain.com www.yourdomain.com" > domains.txt

STEP 8: Update nginx.conf file with .well-known location

server {
  listen 80;
  server_name yourdomain.com www.yourdomain.com;
  ...
  ...
  ...
  location /.well-known {
	  root	/var/www/html;
  }
}
cd /etc/nginx/sites-available/

STEP 9: Restart nginx

systemctl restart nginx

STEP 10: Run Register and Accept terms then Run dehydrated 

/opt/dehydrated/dehydrated --register --accept-terms && \
/opt/dehydrated/dehydrated -c

STEP 11: Configure server in nginx.conf

server {

    listen          80;
    server_name    yourdomain.com www.yourdomain.com;

    root            /var/www/html;

    location / {
        return  301 https://ytbot.xyz$request_uri;
    }

    location /.well-known {
        root    /var/www/html;
    }

}

server {
    listen 443 ssl http2;

    ssl_certificate         /etc/dehydrated/certs/yourdomain.com/fullchain.pem;
    ssl_certificate_key     /etc/dehydrated/certs/yourdomain.com/privkey.pem;
 
    server_name 138.68.5.100 yourdomain.com www.yourdomain.com;
    ...
    ...
    ...

    location /.well-known {
	    root	/var/www/html;
    }
}

STEP 12: Restart Nginx Server again

systemctl restart nginx

STEP 13: To Renew Certificates setup a weekly cron job

#!/bin/bash

LOGFILE=/var/log/dehydrated_ssl_renew.log

echo -e "\n# $(date -u '+%F %T') $0 $@\n" >> $LOGFILE

/opt/dehydrated/dehydrated -c >> $LOGFILE 2>&1
cd /etc/cron.weekly
Previous🚀Django DeploymentNextMongoDB

Last updated 4 years ago

Was this helpful?