Using LetsEncrypt for SSL cert

Along with the new server and blogging platform, I finally tried out https://letsencrypt.org/ for free SSL certs.

This was totally awesome! I'm using Ubuntu 16.04 and it was pretty copy/paste.

Install via apt

apt-get install letsencrypt  

Generate SSL cert

letsencrypt certonly --webroot -w /var/www/ghost -d brandonlamb.com -d www.brandonlamb.com  

Update nginx config

server {  
  listen 80 default_server;
  listen [::]:80 default_server;
  server_name brandonlamb.com www.brandonlamb.com;
  return 301 https://brandonlamb.com$request_uri;
}

server {  
  listen 443 ssl default_server;
  listen [::]:443 ssl default_server;

  ssl on;
  ssl_certificate /etc/letsencrypt/live/brandonlamb.com/cert.pem;
  ssl_certificate_key /etc/letsencrypt/live/brandonlamb.com/privkey.pem;

  server_name brandonlamb.com www.brandonlamb.com;
  root /var/www/ghost;
  index index.html;

  location / {
    try_files $uri @ghost;
  }

  location @ghost {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header HOST $http_host;
    proxy_set_header X-NginX-Proxy true;

    proxy_pass http://127.0.0.1:2368;
    proxy_redirect off;
  }
}