Here is the deal. I am not hosting a website in the normal sense but a dynamic map for my Minecraft server. I have a reverse proxy for nginx to the dyn map. Now I need a certification for the address xx.xx.xx.xx:xxxx. I have a domain name connected to the IP, so it would be xxx.net:xxxx. I am wondering if any of you can help? I tried doing it myself and had to restore my Linode from a backup state.
I may have answered my own question…
Here is how I have a reverse proxy configured for one of my sites.
For ease of use, I put the default SSL options into their own file. This way I can more easily reference it from various different server blocks:
# This goes in /opt/ssl/default_ssl_config.conf
listen 443 ssl;
# RSA certificate
ssl_certificate /etc/letsencrypt/live/{redacted}.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{redacted}.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
# Redirect non-https traffic to https
if ($scheme != "https") {
    return 301 https://$host$request_uri;
}
Next, describe the domain to listen on and where to forward your traffic.
# This goes somewhere like /etc/nginx/sites-available/{something?}.conf
# Don't forget to symlink to /etc/nginx/sites-enabled
server {
    listen 80;
    server_name {redacted}.com;
    include /opt/ssl/default_ssl_config.conf; # <- this is the file from above
    location / {
        proxy_pass http://{your ip}:{your port}; # <- fill in this info for your home
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header HOST $http_host;
    }
}
Let’s Encrypt won’t know how to install the certificate, at least it didn’t know how the last time I renewed my certificate, so you will need to use the “certonly” command and make sure the config files are pointing to the right place. You will also likely need to use the DNS-based challenge, but if you follow the instructions on the command prompt you should be fine.
letsencrypt certonly --manual --preferred-challenges=dns -d {redacted}.com
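A variant of the configuration above for the case in the question, where the map is served over TLS on a non-standard port. This is an added example, not part of the original answer; `example.net`, port `8443` and the dynmap address `127.0.0.1:8123` are assumed placeholders.

```nginx
# Added example (not from the thread). Assumed values: example.net, port 8443,
# and a dynmap web server reachable only from this host at 127.0.0.1:8123.
server {
    # TLS on a non-standard port. A certificate is bound to the hostname,
    # not the port, so the same Let's Encrypt files work here.
    listen 8443 ssl;
    server_name example.net;

    ssl_certificate     /etc/letsencrypt/live/example.net/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.net/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;

    # nginx raises its internal code 497 when plain HTTP arrives on a TLS port.
    # Redirect such requests to HTTPS on the same port instead of showing an error.
    error_page 497 =301 https://$host:$server_port$request_uri;

    location / {
        # The hop to dynmap is unencrypted, so keep it on the loopback interface.
        proxy_pass http://127.0.0.1:8123;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Run `nginx -t` before reloading so a syntax error does not take the proxy down.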
You shouldn’t need a cert if you’re just proxying the connection to your Minecraft server.
It is not my Minecraft server that needs the cert, it is the dynmap that needs it.