bubbly

by eustasy

eustasy / bubbly

Better SSL in Nginx in 10 minutes. Configuration files and setup scripts for Certbot.

209 Stars 24 Forks Last release: 3 months ago (2.2.0) MIT License 214 Commits 17 Releases

Available items

No Items, yet!

The developer of this repository has not created any items for sale yet. Need a bug fixed? Help with integration? A different license? Create a request here:

Bubbly

For configuring Certbot with Nginx

Build Status Codacy Badge Maintainability

If you want an instant A+ score on Qualys SSL Labs and A score on SecurityHeaders.io, then this is what you'll need to do. You won't need any familiarity with Certbot, Let's Encrypt, the ACME spec, or SSL in general, just basic Nginx configuration.

1. Install Certbot and Clone Bubbly

We'll start off by cloning the project into the home folder with git.

cd &&
sudo apt install git certbot &&
git clone https://github.com/eustasy/bubbly

2. Generate Statics

Generate the static keys once per server.

~/bubbly/bubbly_generate-statics.sh

As it will warn, this will take a while.

Have a seat.

3. Copy config blocks

When you've gone and made something in the 15 minutes that could well take, or you've just set up a new SSH session, copy the Nginx configuration over to the Nginx area.

~/bubbly/bubbly_copy-configs.sh

4. Configure & Enable Verification

Copy the verification site template and replace the instances of

example.com
in the file with your actual domain name.
sudo cp /etc/nginx/sites-available/bubbly_verify.conf /etc/nginx/sites-available/example.com.conf
sudo nano /etc/nginx/sites-available/example.com.conf

Use

Ctrl
and
\
to initiate a search and replace for
example.com
with your domain.
sudo ln -s /etc/nginx/sites-available/example.com.conf /etc/nginx/sites-enabled/example.com.conf
sudo nginx -t && sudo service nginx reload

Alternatively, you can simply add

include location/bubbly_well-known-passthrough.conf;
to an existing site you want to continue working while we upgrade.

5. Fetch Certificates

Fetch your certificates like this:

~/bubbly/bubbly_renew-ssl.sh -d example.com -d www.example.com

It will ask for the root password, and an email address, so hang around, it shouldn't take more than a few seconds.

6. Start using the Certificates

Remove the verification config you just made, and replace it with a live version of the site. You'll need to more carefully review the

[OPTION]
s in this file, as you'll also need to change the certificate location to match the domain name you requested. Consider taking a look at the
[OPTION]
s and
[WARNING]
s in other linked config files.
sudo rm /etc/nginx/sites-available/example.com.conf
sudo cp /etc/nginx/sites-available/bubbly_live.conf /etc/nginx/sites-available/example.com.conf
sudo nano /etc/nginx/sites-available/example.com.conf

Use

Ctrl
and
\
to initiate a search and replace for
example.com
with your domain.
sudo nginx -t && sudo service nginx reload

7. Automate Renewal

Edit

crontab.conf
and append it to your existing cron jobs for automatic renewal. This is important, since Let's Encrypt certificates expire in three months.
nano ~/bubbly/crontab.conf
cat ~/bubbly/crontab.conf > /tmp/bubbly-crontab
crontab -l >> /tmp/bubbly-crontab
crontab /tmp/bubbly-crontab

Screenshot of SSLLabs.com

Screenshot of SecurityHeaders.io

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.