# Virtual host: create symbolic link ln -s /etc/nginx/sites-available/{{ domain() }}.conf /etc/nginx/sites-enabled/{{ domain() }}.conf # HTTPS: create Diffie-Hellman keys openssl dhparam -dsaparam -out /etc/nginx/dhparam.pem {{ isSSLProfileOld() ? 1024 : 2048 }} # HTTPS - certbot (before first run): create ACME-challenge common directory sudo -u {{ data.user }} sh -c "mkdir -p /var/www/_letsencrypt" # HTTPS - certbot (before first run): disable SSL directives sed -i -r 's/listen (.*)443/listen \1443;#/g; s/ssl_(certificate|certificate_key|trusted_certificate) /#;#ssl_\1/g' /etc/nginx/sites-{{ isSymlink() ? 'available' : 'enabled' }}/{{ domain() }}.conf # HTTPS - certbot: obtain certificates certbot certonly --webroot -d {{ domain() }} -d www.{{ domain() }} -d cdn.{{ domain() }} --email {{ data.email ? data.email : 'info@' + domain() }} -w /var/www/_letsencrypt -n --agree-tos --force-renewal # HTTPS - certbot (after first run): enable SSL directives sed -i -r 's/#?;#//g' /etc/nginx/sites-{{ isSymlink() ? 'available' : 'enabled' }}/{{ domain() }}.conf