Activating Let’s Encrypt SSL certificate on a site run by Easy Engine

Say we have a site on an Easy Engine v3.7.4 setup that is not encrypted. We want to get it running over HTTPS, right?

Let’s Encrypt seems to be the fastest, easiest and cheapest way to go. So here we go, the command is rather simple:

Well, that’s cool, but we might get an error, stating that:

It would sometimes help to see the logs:

If we don’t quite have a clue what’s going on there, there are several things we should try fixing or doing:

  1. Create a CNAME record for the www subdomain of your domain, pointing to the same place. If you can’t access your site on the same server both with and without www, then Easy Engine won’t install Let’s Encrypt at all.
  2. Install Let’s Encrypt. Yes, seriously, it might be the case that Easy Engine didn’t install it. Here is the command for this:
  3. Get your locales straight. I didn’t believe this could be yet another reason for blocking Easy Engine’s command from finishing correctly, but it actually was:

Doing all of these should improve your chances of a successful installation of Let’s Encrypt for the website. This might not be the end of your suffering, though. Restart your web server and have a look at your site:

If Chrome gives you ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY on https, while on http all local resources are missing apart from the HTML and probably some remote scripts or images from a CDN, or if Firefox shows more or less the same behaviour with the error NS_ERROR_NET_INADEQUATE_SECURITY, then you need to do one more thing. Add some funny-looking lines to your ssl.conf file:

There would be several lines of stuff there. Something like this:

Well, this is obviously not enough, is it now? Let’s add this:

This should do the trick and you should have a smoothly running website under Let’s Encrypt’s protection.
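Both browser errors above are raised when HTTP/2 is negotiated over a cipher suite that RFC 7540 (section 9.2.2) prohibits, which is why the fix lives in the cipher lines of ssl.conf. The added example below, which is not code from the original post, audits an nginx ssl_ciphers value for suites that rank above the first HTTP/2-capable one; the sample values are constructed, and it assumes the server's order wins (ssl_prefer_server_ciphers on).

```python
import re

AEAD = re.compile(r"GCM|CCM|CHACHA20")  # AEAD modes as spelled in OpenSSL names

def http2_ok(name):
    """True if an OpenSSL cipher name satisfies RFC 7540 section 9.2.2."""
    if name.startswith("TLS_"):  # TLS 1.3 suites: always AEAD with ephemeral keys
        return True
    return name.startswith(("ECDHE-", "DHE-")) and bool(AEAD.search(name))

def audit_ssl_ciphers(value):
    """Classify the entries of an ssl_ciphers value in server preference order."""
    report = {"ok": [], "blacklisted": [], "unexpanded": [], "preferred_before_ok": []}
    for token in value.strip().rstrip(";").strip("'\" ").split(":"):
        token = token.strip()
        if not token or token[0] in "!-+@":  # exclusions and ordering, not offers
            continue
        if "-" not in token and not token.startswith("TLS_"):
            report["unexpanded"].append(token)  # keyword (HIGH, EECDH+AESGCM, ...)
        elif http2_ok(token):
            report["ok"].append(token)
        else:
            report["blacklisted"].append(token)
            if not report["ok"]:  # ranked above every HTTP/2-capable suite
                report["preferred_before_ok"].append(token)
    return report

# Constructed sample values, not the lines from the post's ssl.conf.
WEAK = "ECDHE-RSA-AES128-SHA:AES128-SHA:ECDHE-RSA-AES128-GCM-SHA256:!aNULL:!MD5"
FIXED = "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA:HIGH:!aNULL"

if __name__ == "__main__":
    for label, value in (("weak", WEAK), ("fixed", FIXED)):
        r = audit_ssl_ciphers(value)
        print(label, "-> ranked above first HTTP/2-capable suite:", r["preferred_before_ok"])
        print(label, "-> needs `openssl ciphers -v` to expand:", r["unexpanded"])
```

Keywords such as HIGH cannot be judged from the name alone; expand them with `openssl ciphers -v` on the server and feed the resulting suite names back in.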

Join the Conversation

6 Comments

  1. Excellent post, thank you very much for sharing. Adding the code below will give you an extra layer of protection; it will block SQL injections:

    ## Block SQL injections
    # Flag query strings containing common SQL keywords, then reject with 403.
    set $block_sql_injections 0;
    if ($query_string ~ "union.*select.*\(") {
        set $block_sql_injections 1;
    }
    if ($query_string ~ "union.*all.*select.*") {
        set $block_sql_injections 1;
    }
    if ($query_string ~ "concat.*\(") {
        set $block_sql_injections 1;
    }
    if ($block_sql_injections = 1) {
        return 403;
    }

    ## Block file injections
    # Flag parameters whose value is a remote URL, a ../ sequence or an absolute path.
    set $block_file_injections 0;
    if ($query_string ~ "[a-zA-Z0-9_]=http://") {
        set $block_file_injections 1;
    }
    if ($query_string ~ "[a-zA-Z0-9_]=(\.\.//?)+") {
        set $block_file_injections 1;
    }
    if ($query_string ~ "[a-zA-Z0-9_]=/([a-z0-9_.]//?)+") {
        set $block_file_injections 1;
    }
    if ($block_file_injections = 1) {
        return 403;
    }
