Install free SSL certificates

One time only:

wget chmod a+x certbot-auto

Creating a new certificate:

./certbot-auto certonly -w /var/www/pydocs/ -d

This will create new certificates here:

In here are 4 files:

cert.pem chain.pem fullchain.pem privkey.pem

To implement this in Nginx:

listen 443 ssl;
# add Strict-Transport-Security to prevent man in the middle attacks
add_header Strict-Transport-Security "max-age=31536000";
ssl on;
ssl_certificate /etc/letsencrypt/live/;
ssl_certificate_key /etc/letsencrypt/live/;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

Also make sure, that you can proof that you're the owner of by adding making this path available:

Like so:

location ^~ /.well-known/acme-challenge/ {
alias /var/www/pydocs/;

To make sure SSL certificates are automatically renewed, add this to your

30 2 * * 1 /home/michael/certbot-auto renew >> /var/log/le-renew.log
35 2 * * 1 /etc/init.d/nginx reload

To expand:

sudo ./certbot-auto certonly -w /var/www/pydocs/ -d -d

To remove an old one:

./certbot-auto revoke --cert-path /etc/letsencrypt/live/