Ask A Question

Notifications

You’re not receiving notifications from this thread.

Free SSL for Rails and Nginx using Let's Encrypt Discussion

Chris Oliver asked in General
gafemoyano gafemoyano
Hey Chris! looks like these instructions are no longer working with the latest versions of letsencrypt that use certbot.. do you know how to get it runing with the latest version? I Tried using certbot but couldn't get it to work.
Reply
Juan S. Caro Juan S. Caro

This article needs to be updated. The command given to create the cert does not work at this point of the tutorial. It seems Certbot has changed slightly many steps.

Reply
Nikola Okonesh Nikola Okonesh

how add subdomain https wildcard?

Reply
Bozazitz Bozazitz

this is a little bit outdated, and I hope Chris doesnt mind me posting this, this is what you would do on an ubuntu 18.04 and nginx:

sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository universe
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update

then 

sudo apt-get install certbot python-certbot-nginx

now create the certificate

sudo certbot --nginx

this will alter your nginx site-enabled/default file, so make a copy and move it outside site-enabled/default to somewhere else safe.

here is a copy of my default file, I modified it a bit to work with action cable

upstream app {
        server 127.0.0.1:3000;
}
server {
    root /var/www/app_name_here/public;
    index index.html index.htm index.nginx-debian.html;
    server_name app_name_here; # managed by Certbot
    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_pass http://app;
    #   try_files $uri $uri/ =404;
    }
location /cable {
         proxy_pass http://app;
         proxy_http_version 1.1;
         proxy_set_header Upgrade $http_upgrade;
             proxy_set_header Connection "Upgrade";
             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
             proxy_set_header Host $http_host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-Proto https;
             proxy_redirect off;
    }    

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/app_name_here/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/app_name_here/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /root/dhparams.pem; # managed by Certbot
}
server {
    listen 80 ;
    listen [::]:80 ;
    return 301 https://$host$request_uri;
}

do not copy and paste the default file, its here for you to look at :)
I hope this helps someone, and please if you have any feedback please let me know

Reply
Lucas Moraes Lucas Moraes

Hi, Bozazitz! Thanks for the help out!

Reply
Join the discussion
Create an account Log in

Want to stay up-to-date with Ruby on Rails?

Join 82,464+ developers who get early access to new tutorials, screencasts, articles, and more.

    We care about the protection of your data. Read our Privacy Policy.