WEBBEE is a Global Gold Partner and Bitrix24Service Provider. We specialize in Implementation, Business Process Automation, Custom Solutions, 3rd-party Integration, Bitrix24 Apps, Training, License sales and renewal, cloud to server Migrations.
--webroot - a special key that increases the reliability of Certbot's work under Nginx; --agree-tos - automatic agreement with the Terms of Service; --email email@example.com - Your e-mail. Be careful, as it can not be changed; it will be required, for example, to restore access to the domain and to renew it; -w /home/bitrix/www - specify the root directory of the main site; If you have a multi-site configuration, specify the path to additional site: /home/bitrix/ext_www/ -d domain.com - through the -d parameter, we specify which domains we are requesting the certificate for. You must start from the second-level domain domain.com and through the same key specify subdomains, for example, -d www.domain.com -d crm.domain.com
The Certbot script starts its work, suggests installing additional packages, click agree and wait for the end of the work.
Upon successful completion of work, the Certbot congratulates you on the generation of the certificate and shows the following message:
- If you lose your account credentials, you can recover through
e-mails sent to firstname.lastname@example.org
- Congratulations! Your certificate and chain have been saved at
cert will expire on 2019-05-12. To obtain a new version of the
certificate in the future, simply run Let's Encrypt again.
- Your account credentials have been saved in your Let's Encrypt
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Let's
Encrypt so making regular backups of this folder is ideal.
- If like Let's Encrypt, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
* - If instead of this message there is an error "Failed to connect to host for DVSNI challenge", then you need to configure your Firewall so that TCP traffic on ports 80 and 443 is allowed.
** - If you use Cloudflare services for your domain, disable them for the duration of the certificate generation.
3. Nginx configuration
We received a free SSL-certificate for 3 months. We only need to configure Nginx and set the automatic extension of the certificate to cron.
To increase the level of encryption and to obtain an A + score when verifying the certificate, let's increase the security level and generate the Diffie-Hellman group.