Encrypt https on nginx

Edit nginx domain.conf Include this line in :80 ``` location /.well-known { alias /var/www/{{DOMAIN}}/{{PROJECT}}/wellknown/.well-known; } ``` Then save. --------------------- run ``` mkdir -p /var/www/{{DOMAIN}}/{{PROJECT}}/wellknown/ service nginx reload /opt/certbot-auto certonly --webroot -w /var/www/{{DOMAIN}}/{{PROJECT}}/wellknown/ -d yourdomain.com -d www.anotherdomain.com ``` In nginx domain.conf ``` server { listen 80; server_name {{DOMAIN}}; return 301 https://$host$request_uri; } server { listen 443 ssl; server_name yourdomain.com; ssl_certificate /etc/letsencrypt/live/{{DOMAIN}}/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/{{DOMAIN}}/privkey.pem; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; # your old setting here } ``` --------------------- NOTE: Renew certbot ``` certbot renew ``` NOTE: Setting Django something like ``` SECURE_SSL_REDIRECT = True SESSION_COOKIE_SECURE = True SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTOCOL', 'https') CSRF_COOKIE_SECURE = True ```