Cloudflare SSL letsencrypt and cloudflare

Yeah good to always backup vhosts. FYI, each time you run centmin.sh menu option 4 to recompile nginx you will auto backup your nginx vhosts. See Developer Overview: How Nginx is installed on Centmin Mod LEMP stack

---

 

oh addons/acmetool.sh doesn't touch or go anywhere near /home/nginx/domains/domain.com/* directory and files

 

behind cloudflare - workaround Cloudflare - SSL - letsencrypt and cloudflare though cloudflare shouldn't prevent it

why using dns validation and not web root ?

 

https://centminmod.com/acmetool has everything and method 3 below

There's generally 3 ways of setting up HTTPS SSL certificate for Centmin Mod Nginx HTTP/2 based HTTPS

Method 1. The traditional way via centmin.sh menu option 2, 22 and selecting yes to self-signed ssl certificates first. Then converting the self-signed ssl certificate to paid or free (Letsencrypt) web browser trusted SSL certificates outlined at How to switch self-signed SSL certificate to paid SSL certificate ? You would still need to follow the same steps outlined at Nginx SPDY SSL Configuration for obtaining and purchasing the paid SSL certificate and most important part is the concatenation of the SSL provider provided filesto create the mentioned /usr/local/nginx/conf/ssl/domaincom/ssl-unified.crt and /usr/local/nginx/conf/ssl/domaincom/ssl-trusted.crtfiles referenced in your Nginx SSL vhost config file.

You may need to also decide if you want to enable HTTP to HTTPS redirect outlined at How to force redirect from HTTP:// to HTTPS:// ?

If you didn't answer yes at time of initial nginx vhost creation to self-signed ssl certificates, you can manually setup the self-signed ssl certificate via the vhost generator by checking self-signed ssl box and enter a domain name. This will outline instructions for manually creating and setting up self-signed ssl certificate and nginx vhost settings. Then for web browser trusted ssl certificates you switch follow - How to switch self-signed SSL certificate to paid SSL certificate ?.

Method 2. Using and testing Centmin Mod 123.09beta01's new addons/acmetool.sh addon which is still in beta testing only for integrating Letsencrypt SSL certificates. And has both auto and manual methods.

Method 3. Fully manual method for free Letsencrypt SSL certificates.

• For existing non-HTTPS Nginx vhost sites migration to HTTPS as outlined at Migrating Existing Nginx Vhost From HTTP to HTTP/2 based HTTPS With Letsencrypt SSL Certificates
• For brand new Nginx vhosts not yet created on server use this guide Using Centmin Mod acmetool.sh addon for Nginx HTTP/2 based HTTPS with free Letsencrypt SSL certificates

 

cloudflare ssl can't be turned off if you want to use HTTPS, if you turn off cloudflare ssl, then HTTPS is 301 redirected to HTTP (non-https). Security wise with letsencrypt ssl on centmin mod nginx server backend + cloudflare change from flexible ssl to full strict ssl mode so cloudflare talks to your server's HTTPS setup