Step 1 (/etc/apt/sources.list)
deb http://ftp.debian.org/debian jessie-backports main
Step 2
aptitude update && aptitude install certbot
Step 3
sudo certbot certonly --webroot -w /var/www/lets-encrypt/stripe.mage2.pro -d stripe.mage2.pro
I use a dedicated Let's Encrypt challenge folder (/var/www/lets-encrypt) for all my projects.
Certbot documentation: certbot.eff.org/docs
Step 4 (Nginx)
server {
    listen 80;
    server_name stripe.mage2.pro;
    return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl;
    server_name stripe.mage2.pro;
    ssl_certificate /etc/letsencrypt/live/stripe.mage2.pro/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/stripe.mage2.pro/privkey.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    location ~ /.well-known {
        root /var/www/lets-encrypt/stripe.mage2.pro;
        access_log off;
        expires max;
        break;
    }
    proxy_set_header X-Forwarded-Proto $scheme;
    set $MAGE_ROOT /var/www/portal;
    fastcgi_param MAGE_RUN_TYPE website;
    fastcgi_param MAGE_RUN_CODE stripe_mage2_pro;
    include /usr/local/nginx/conf/includes/m2-root.conf;
}
This block handles the Let's Encrypt challenge:
location ~ /.well-known {
    root /var/www/lets-encrypt/stripe.mage2.pro;
    access_log off;
    expires max;
    break;
}
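A tighter variant of the Step 4 configuration, as an added example that is not part of the original page: it answers the challenge on port 80 as well, limits the challenge location to the /.well-known/acme-challenge/ prefix (the regex "~ /.well-known" is unanchored and its dot matches any character), and drops TLS 1.0 and 1.1. All paths and names are the page's own; the default_type line and the "location /" wrapper around the redirect are additions.

```nginx
server {
    listen 80;
    server_name stripe.mage2.pro;

    # Serve ACME HTTP-01 challenge files over plain HTTP, so validation does
    # not depend on the HTTPS server block. "^~" is a prefix match that also
    # stops regex locations from being tried for these URIs.
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/lets-encrypt/stripe.mage2.pro;
        default_type text/plain;
        access_log off;
    }

    # Everything else is redirected to HTTPS.
    location / {
        return 301 https://$server_name$request_uri;
    }
}

server {
    listen 443 ssl;
    server_name stripe.mage2.pro;
    ssl_certificate /etc/letsencrypt/live/stripe.mage2.pro/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/stripe.mage2.pro/privkey.pem;

    # TLS 1.0 and 1.1 are formally deprecated (RFC 8996); offer 1.2 only.
    # Add TLSv1.3 where the installed nginx and OpenSSL support it.
    ssl_protocols TLSv1.2;

    # Same challenge directory over HTTPS, scoped to the ACME path instead of
    # the unanchored regex "~ /.well-known".
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/lets-encrypt/stripe.mage2.pro;
        default_type text/plain;
        access_log off;
    }

    proxy_set_header X-Forwarded-Proto $scheme;
    set $MAGE_ROOT /var/www/portal;
    fastcgi_param MAGE_RUN_TYPE website;
    fastcgi_param MAGE_RUN_CODE stripe_mage2_pro;
    include /usr/local/nginx/conf/includes/m2-root.conf;
}
```

Check the result with nginx -t before reloading; clients that only speak TLS 1.0 or 1.1 will no longer be able to connect.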
Step 5 (/etc/crontab)
@daily www-data sudo certbot renew && sudo service nginx restart
rm -f /etc/cron.d/certbot
How to test
sudo certbot renew --force-renewal