Showing posts from July, 2016

Nginx: set up a LetsEncrypt SSL certificate with auto-renewal in 3 easy steps

Unless you have been living under a rock for the past year, you should know by now that you can get SSL certificates free of charge from LetsEncrypt , without registration, and with automatic renewal! This is one of the best thing that's happened to web admins and the web in general in the recent years. The certificates are authentic and work great in all browsers (you get the little green lock icon like everywhere else). Let's get straight to the point. The three steps are summarized here: 1) Download LetsEncrypt (the application) for your Linux server 2) Run the application to generate a certificate for your domain and set up the monthly auto-renew cron job 3) Add the certificate to your Nginx configuration. Step 1: download LetsEncrypt Install git if you haven't done so yet: # apt-get install git Use git to get the application and store it somewhere (ie: /root/temp) # git clone /root/temp/letsencrypt

Nginx and LetsEncrypt SSL certificate problem with iOS and Safari (fixed)

I have recently started using LetsEncrypt as my main SSL certificate supplier, it's amazing! With the auto-renew cron task, I have literally 0 work to do to keep certificates up to date, and of course, it's free. I recently noticed an issue though: when I visit my websites over HTTPS on my iPhone (and reportedly the problem exists with Safari on Mac OS X as well), the sites simply will not load. This is the error I get: The error reads: " Safari cannot open the page because the network connection was reset. The server may be busy ". After trying to sort out the problem for hours and Googling up the error everywhere, I finally stumbled upon this forum thread . Well thank you Mr. Duckson because that really did fix the problem! The solution: in your server {  ... } block, insert the ssl_session_cache directive with whatever value you deem fit. Example from Nginx documentation:  ssl_session_cache shared:SSL:10m ; Save your configuration, reload Ngi