Free SSL for Rails and Nginx using Let's Encrypt Discussion
Hey Chris! looks like these instructions are no longer working with the latest versions of letsencrypt that use certbot.. do you know how to get it runing with the latest version? I Tried using certbot but couldn't get it to work.
This article needs to be updated. The command given to create the cert does not work at this point of the tutorial. It seems Certbot has changed slightly many steps.
this is a little bit outdated, and I hope Chris doesnt mind me posting this, this is what you would do on an ubuntu 18.04 and nginx:
sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository universe
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
then
sudo apt-get install certbot python-certbot-nginx
now create the certificate
sudo certbot --nginx
this will alter your nginx site-enabled/default file, so make a copy and move it outside site-enabled/default to somewhere else safe.
here is a copy of my default file, I modified it a bit to work with action cable
upstream app {
server 127.0.0.1:3000;
}
server {
root /var/www/app_name_here/public;
index index.html index.htm index.nginx-debian.html;
server_name app_name_here; # managed by Certbot
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://app;
# try_files $uri $uri/ =404;
}
location /cable {
proxy_pass http://app;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/app_name_here/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/app_name_here/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /root/dhparams.pem; # managed by Certbot
}
server {
listen 80 ;
listen [::]:80 ;
return 301 https://$host$request_uri;
}
do not copy and paste the default file, its here for you to look at :)
I hope this helps someone, and please if you have any feedback please let me know