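# Post-install steps for the generated nginx configuration.
# The {{ ... }} expressions are template placeholders that are substituted
# before these commands reach a shell; check the rendered domain, user and
# e-mail values before running anything here with elevated privileges.

# HTTPS: create Diffie-Hellman keys
# -dsaparam generates DSA-style parameters converted to DH format. This is much
# faster than generating safe primes, but such parameters are only appropriate
# when a fresh DH key is created for each handshake. Drop -dsaparam to generate
# safe-prime parameters instead (slower).
openssl dhparam -dsaparam -out /etc/nginx/dhparam.pem 2048

# HTTPS: create ACME-challenge common directory
# Created as the site user so that the webroot is not owned by root.
sudo -u {{ data.user }} sh -c "mkdir -p /var/www/_letsencrypt"

# HTTPS: certbot (obtain certificates)
# disable before first run: ssl_certificate, ssl_certificate_key, ssl_trusted_certificate
# (these directives point at certificate files that do not exist until certbot
# has run once).
# --force-renewal requests a new certificate on every invocation, even when a
# valid one is already present; repeated runs count against the CA's issuance
# rate limits, so omit it when re-running this command.
certbot certonly --webroot -d {{ domain() }} -d www.{{ domain() }} -d cdn.{{ domain() }} --email {{ data.email ? data.email : 'hello@' + domain() }} -w /var/www/_letsencrypt -n --agree-tos --force-renewal

# WordPress: add to wp-config.php (CVE-2018-6389)
# The following is a PHP line for wp-config.php, not a shell command:
#   define('CONCATENATE_SCRIPTS', false);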