Hey,
In this post I will explain how to set up SSL certificates for your domains.
For this we need a domain and Certbot. Here we show how to do this with Cloudflare's DNS (the DNS-01 challenge), which also allows wildcard certificates.
The commands are for Ubuntu, but should also work on other operating systems.
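## Install snapd, the snap daemon that Certbot's snap package runs under
# snap-store is only a graphical front-end for browsing snaps; Certbot does not
# need it, so it is left off to keep the server's installed software minimal.
# -y answers apt's confirmation prompt, so the command also works unattended.
apt install -y snapd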
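# Install Certbot
# The option is --classic (two dashes): the Certbot snap needs classic
# confinement, and snap rejects the single-dash spelling.
snap install --classic certbot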
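# Install the Cloudflare DNS plugin for Certbot
# Certbot was installed as a snap, and the snap does not load plugins that were
# installed with pip3, so the plugin is installed as a snap too.
# The first command acknowledges that the plugin snap will run with the same
# root privileges as Certbot itself; snap refuses to connect the plugin without it.
snap set certbot trust-plugin-with-root=ok
snap install certbot-dns-cloudflare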
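# Create the .secrets folder
# -m 0700 makes the folder root-only from the moment it exists, so the token
# file is never created inside a directory other users can list.
# -p lets the command be re-run without failing when the folder already exists.
mkdir -p -m 0700 /root/.secrets/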
# Insert API token from Cloudflare.
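For this we create the file /root/.secrets/cloudflare.ini (the path that is passed to Certbot below) and insert our token as shown. Create the token in Cloudflare with only the Zone → DNS → Edit permission, limited to the zone(s) you need certificates for, so that a leaked token cannot change anything else in the account: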
dns_cloudflare_api_token = "derApiTokenhier"
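# Set permissions for the .secrets folder and the token file inside it
# The folder becomes root-only (0700) and its files read-only for root (0400).
# -R is placed before the mode and path: GNU chmod accepts a trailing option,
# but other chmod implementations treat a trailing "-R" as a file name.
chmod -R 0700 /root/.secrets/
chmod -R 0400 /root/.secrets/*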
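# Create the certificate (apex domain plus wildcard) via the DNS-01 challenge
# Long options take two dashes; with a single dash Certbot does not recognise them.
# The domain list is quoted so the shell passes "*" to Certbot literally instead
# of trying to expand it against files in the current directory.
# The resulting files land in /etc/letsencrypt/live/yourmcshop.com/.
certbot certonly \
  --dns-cloudflare \
  --dns-cloudflare-credentials /root/.secrets/cloudflare.ini \
  --preferred-challenges dns-01 \
  -d 'yourmcshop.com,*.yourmcshop.com'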
# Now the NGINX configuration can be adjusted (e.g. for http://www.yourmcshop.com)
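# HTTPS virtual host for yourmcshop.com / www.yourmcshop.com, served through PHP-FPM.
# Keep one directive per line: nginx treats everything after a "#" up to the end
# of the line as a comment, so a collapsed one-line copy of this block would
# comment out most of the configuration.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name yourmcshop.com www.yourmcshop.com;

    root /var/www/www.yourmcshop.com;
    index index.php;

    # Logs (access and errors)
    # The directory /var/log/nginx/www.yourmcshop.com/ must exist before nginx
    # is reloaded, otherwise nginx cannot open the log files.
    error_log /var/log/nginx/www.yourmcshop.com/error.log info;
    access_log /var/log/nginx/www.yourmcshop.com/access.log;

    # Certificate chain and private key written by Certbot
    ssl_certificate /etc/letsencrypt/live/yourmcshop.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/yourmcshop.com/privkey.pem;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;

    # See https://ssl-config.mozilla.org/#server=nginx for the latest ssl settings recommendations
    # An example config is given below
    # TLSv1.3 is enabled next to TLSv1.2; it takes effect only when nginx is
    # built against OpenSSL 1.1.1 or newer.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5:!SHA1:!kRSA;
    ssl_prefer_server_ciphers off;

    # NOTE(review): the in-memory body buffer (100M) is larger than the largest
    # accepted request body (30M), so the extra 70M can never be used, and a
    # buffer this large is allocated per request. Consider lowering
    # client_body_buffer_size and letting large uploads spill to disk.
    client_body_buffer_size 100M;
    client_max_body_size 30M;

    location / {
        # Serve the file or directory if it exists, otherwise hand the request
        # to the front controller.
        try_files $uri $uri/ /index.php?$args;
    }

    location ~* \.php$ {
        # Answer 404 unless the requested .php file really exists under root,
        # so PHP-FPM is only ever asked to run actual script files.
        try_files $uri =404;

        fastcgi_pass unix:/run/php/php7.4-fpm.sock;
        include fastcgi_params;
        fastcgi_intercept_errors on;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param SCRIPT_NAME $fastcgi_script_name;
        fastcgi_index index.php;
    }

    # Hide the nginx version.
    server_tokens off;

    # Hide the PHP version.
    fastcgi_hide_header X-Powered-By;
    proxy_hide_header X-Powered-By;

    # Never generate directory listings.
    autoindex off;
}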