# Virtual host: create symbolic link ln -s /etc/nginx/sites-available/{{ domain() }}.conf /etc/nginx/sites-enabled/{{ domain() }}.conf # HTTPS: create Diffie-Hellman keys openssl dhparam -dsaparam -out /etc/nginx/dhparam.pem {{ isSSLProfileOld() ? 1024 : 2048 }} # HTTPS - certbot (before first run): create ACME-challenge common directory sudo -u {{ data.user }} sh -c "mkdir -p /var/www/_letsencrypt" # HTTPS - certbot (before first run): disable SSL directives sed -i -r 's/(listen .*443)/\1;#/g; s/(ssl_(certificate|certificate_key|trusted_certificate) )/#;#\1/g' {{ isModularized() ? ('/etc/nginx/sites-' + (isSymlink() ? 'available' : 'enabled') + '/' + domain() + '.conf') : '/etc/nginx/nginx.conf' }} # HTTPS - certbot: obtain certificates certbot certonly --webroot -d {{ domain() }} -d www.{{ domain() }} -d cdn.{{ domain() }} --email {{ data.email ? data.email : 'info@' + domain() }} -w /var/www/_letsencrypt -n --agree-tos --force-renewal # HTTPS - certbot (after first run): enable SSL directives sed -i -r 's/#?;#//g' {{ isModularized() ? ('/etc/nginx/sites-' + (isSymlink() ? 'available' : 'enabled') + '/' + domain() + '.conf') : '/etc/nginx/nginx.conf' }}