{"id":255978,"date":"2018-08-14T05:06:52","date_gmt":"2018-08-13T21:06:52","guid":{"rendered":"http:\/\/blog.zhenglei.net\/?p=255978"},"modified":"2018-08-17T23:57:58","modified_gmt":"2018-08-17T15:57:58","slug":"encrypt-wordpress-server-with-lets-encrypt-ssl-certificate","status":"publish","type":"post","link":"https:\/\/blog.zhenglei.net\/?p=255978","title":{"rendered":"Encrypt WordPress Server with Let’s Encrypt SSL certificate"},"content":{"rendered":"
# Install acme.sh tool\r\ngit clone https:\/\/github.com\/Neilpang\/acme.sh.git\r\n\r\ncd acme.sh\r\n\r\n.\/acme.sh --install\r\n\r\n#install cert\r\ncd ~\/.acme.sh\r\n<\/code><\/pre>\n
# issue a RSA cert\r\nsudo .\/acme.sh --issue --d blog.zhenglei.net -w \/var\/www\/html\/wordpress\r\n\r\n# issue a ECC cert\r\n.\/acme.sh --issue -d blog.zhenglei.net -w \/var\/www\/html\/wordpress --keylength ec-256\r\n\r\n# Copy the cert into target directory\r\nsudo mkdir -p \/etc\/nginx\/ssl\r\n\r\nsudo .\/acme.sh --installcert -d blog.zhenglei.net --key-file \/etc\/nginx\/ssl\/blog.zhenglei.net.ecc.key --fullchain-file \/etc\/nginx\/ssl\/blog.zhenglei.net.ecc.bundle --ecc\r\nsudo .\/acme.sh --installcert -d blog.zhenglei.net --key-file \/etc\/nginx\/ssl\/blog.zhenglei.net.key --fullchain-file \/etc\/nginx\/ssl\/blog.zhenglei.net.bundle<\/code><\/pre>\n
# Update nginx config
server {\r\n #listen 80;\r\n\r\n listen 443;\r\n ssl on;\r\n ssl_certificate ssl\/blog.zhenglei.net.bundle;\r\n ssl_certificate_key ssl\/blog.zhenglei.net.key;\r\n\r\n ssl_session_timeout 5m;\r\n\r\n ssl_protocols SSLv3 TLSv1;\r\n ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;\r\n\r\n ssl_prefer_server_ciphers on;\r\n ...\r\n}
\r\nserver {
        listen 80 default_server;\r\n        server_name blog.zhenglei.net;

        # Let's Encrypt, http method
        location ~ \\.well-known
        {
           root \/var\/www\/html\/wordpress\/;
           allow all;
           access_log on;
           log_not_found on;
        }\r\n return 301 https:\/\/$server_name$request_uri;\r\n}\r\n\r\n\r\n\r\n\r\n\r\n\r\n<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"
# Install acme.sh tool git clone https:\/ … \u7ee7\u7eed\u9605\u8bfb →<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7,13,6],"tags":[378,60,177,100],"class_list":["post-255978","post","type-post","status-publish","format-standard","hentry","category-document","category-html","category-internet","tag-acme-sh","tag-blog","tag-ssl","tag-wordpress"],"_links":{"self":[{"href":"https:\/\/blog.zhenglei.net\/index.php?rest_route=\/wp\/v2\/posts\/255978","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.zhenglei.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.zhenglei.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.zhenglei.net\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.zhenglei.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=255978"}],"version-history":[{"count":4,"href":"https:\/\/blog.zhenglei.net\/index.php?rest_route=\/wp\/v2\/posts\/255978\/revisions"}],"predecessor-version":[{"id":255987,"href":"https:\/\/blog.zhenglei.net\/index.php?rest_route=\/wp\/v2\/posts\/255978\/revisions\/255987"}],"wp:attachment":[{"href":"https:\/\/blog.zhenglei.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=255978"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.zhenglei.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=255978"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.zhenglei.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=255978"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}