https://wiki.eofnet.lt/w//index.php?action=history&feed=atom&title=Letsencrypt
Letsencrypt - Versijų istorija
2026-04-15T15:02:26Z
Šio puslapio versijų istorija projekte
MediaWiki 1.35.1
https://wiki.eofnet.lt/w//index.php?title=Letsencrypt&diff=8632&oldid=prev
\dev\null 07:52, 26 kovo 2018
2018-03-26T07:52:33Z
<p></p>
<p><b>Naujas puslapis</b></p><div>{{Template:Kuriamas}}<br />
== Debian Jessie (8.x) ==<br />
<br />
echo 'deb http://ftp.debian.org/debian jessie-backports main' | sudo tee /etc/apt/sources.list.d/backports.list<br />
sudo apt-get update<br />
sudo apt-get install certbot -t jessie-backports<br />
<br />
sudo certbot certonly -a webroot --webroot-path=/var/www/html -d example.com -d www.example.com<br />
<br />
<br />
== nginx.conf == <br />
<br />
location ~ /.well-known {<br />
root /home/useris/public;<br />
allow all;<br />
}<br />
<br />
=== /etc/nginx/snippets/ssl-params.conf ===<br />
# from https://cipherli.st/<br />
# and https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html<br />
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;<br />
ssl_prefer_server_ciphers on;<br />
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";<br />
ssl_ecdh_curve secp384r1;<br />
ssl_session_cache shared:SSL:10m;<br />
ssl_session_tickets off;<br />
ssl_stapling on;<br />
ssl_stapling_verify on;<br />
resolver 8.8.8.8 8.8.4.4 valid=300s;<br />
resolver_timeout 5s;<br />
# Disable preloading HSTS for now. You can use the commented out header line that includes<br />
# the "preload" directive if you understand the implications.<br />
#add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";<br />
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";<br />
add_header X-Frame-Options DENY;<br />
add_header X-Content-Type-Options nosniff;<br />
ssl_dhparam /etc/ssl/certs/dhparam.pem;<br />
=== Redirectas i ssl ===<br />
server {<br />
listen 80;<br />
server_name example.com www.example.com;<br />
return 301 https://$server_name$request_uri;<br />
}<br />
=== SSL hostas ===<br />
server {<br />
listen 443 ssl;<br />
server_name example.com www.example.com;<br />
include snippets/ssl-params.conf;<br />
ssl_certificate ...path to fullchain.pem;<br />
ssl_certificate_key ..path to privkey.pem;<br />
}<br />
<br />
== Cron renew ==<br />
30 2 * * * root /usr/bin/certbot renew --noninteractive --renew-hook "/bin/systemctl reload nginx" >> /var/log/le-renew.log</div>
\dev\null