Nginx Certbot In Freebsd

Installation

First we need to install certbot

sudo pkg install py37-certbot

Stop nginx to install the certificates

sudo service nginx stop

now we can safley run certbot

sudo certbot certonly --standalone

type your email , domain and sub domains when prompted

you should recieve a success message saying

  • Congratulations! Your certificate and chain have been saved at: /usr/local/etc/letsencrypt/live/DOMAIN.COM/fullchain.pem Your key file has been saved at: /usr/local/etc/letsencrypt/live/DOMAIN.COM/privkey.pem Your cert will expire on 2020-10-24. To obtain a new or tweaked version of this certificate in the future, simply run certbot again. To non-interactively renew all of your certificates, run "certbot renew"

  • If you like Certbot, please consider supporting our work by:

run the following to get auto-renewal (all in one line)

echo "0 0,12 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew -q" | sudo tee -a /etc/crontab > /dev/null

Modifing nginx conf

Now go to /usr/local/etc/nginx/sites-avialable/searx.conf and change it to

server {
        listen 80;
        listen [::]:80;
        access_log /dev/null;
        error_log  /dev/null;

        server_name www.searx.DOMAIN.COM searx.DOMAIN.COM;
        return 301 https://$server_name$request_uri;


}


server {
        listen              443 ssl;
        server_name         www.searx.DOMAIN.COM searx.DOMAIN.COM;
        ssl_certificate     /usr/local/etc/letsencrypt/live/DOMAIN.com/fullchain.pem;
        ssl_certificate_key /usr/local/etc/letsencrypt/live/DOMAIN.com/privkey.pem;

        location / {

                proxy_pass http://localhost:8888;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection 'upgrade';
                proxy_set_header Host $host;
                proxy_cache_bypass $http_upgrade;


        }


}