Let's Encrypt!
Thanks to Let's Encrypt, this blog is now served via https (and https only).
In the process of enabling https, I also switched my host from Dreamhost to Google Cloud, and switched to nginx as httpd. (And Dreamhost announced Let's Encrypt support after I made the switch.)
The only problem with Let's Encrypt is that the certificate is only valid for 90 days (OK, the lack of wildcard domain support might also be a problem, but I don't feel it), which means I need to renew my certificates often. Luckily that can be done via a monthly (or bi-monthly) cron job.
This is the code snippet of my nginx configuration to make both https only and Let's Encrypt ACME verification work:
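    # Plain-http listener: answers ACME challenges, redirects everything else.
    server {
        listen 80;
        listen [::]:80;
        server_name yuxuan.org www.yuxuan.org wang.yuxuan.org;

        # Challenge files written by the webroot plugin (-w /var/www/challenges).
        location /.well-known/acme-challenge/ {
            alias /var/www/challenges/.well-known/acme-challenge/;
            try_files $uri =404;
        }

        # All other requests get a permanent redirect to https.
        location / {
            return 301 https://$host$request_uri;
        }
    }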
And this is the script to be put into crontab (I use the official client from Debian experimental):
    /usr/bin/letsencrypt certonly --renew-by-default --webroot -w /var/www/challenges -d yuxuan.org -d www.yuxuan.org -d wang.yuxuan.org
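With a 90-day lifetime, a single failed monthly run eats a third of the margin, so one option is to let cron run more often and only renew when expiry is close. The wrapper below is an added example, not the script used on this blog; the certificate path, the 30-day window and the nginx reload are assumptions.

```shell
#!/bin/sh
# Added example, not the blog author's script: renew only when expiry is near.
# Assumed values: CERT path (the client's default live/ layout), the 30-day
# window, and the nginx reload command.
CERT="${CERT:-/etc/letsencrypt/live/yuxuan.org/cert.pem}"
RENEW_BEFORE_DAYS="${RENEW_BEFORE_DAYS:-30}"

# should_renew NOT_AFTER_EPOCH NOW_EPOCH DAYS
# Succeeds when fewer than DAYS days remain (or the cert has already expired).
should_renew() {
    [ $(( $1 - $2 )) -lt $(( $3 * 86400 )) ]
}

# cert_not_after_epoch FILE: print the notAfter time as a Unix timestamp.
# Needs openssl and GNU date (both present on Debian).
cert_not_after_epoch() {
    enddate=$(openssl x509 -enddate -noout -in "$1" 2>/dev/null) || return 1
    date -u -d "${enddate#notAfter=}" +%s
}

renew_if_due() {
    # A missing or unreadable certificate counts as expired (epoch 0).
    not_after=$(cert_not_after_epoch "$CERT") || not_after=0
    if should_renew "$not_after" "$(date +%s)" "$RENEW_BEFORE_DAYS"; then
        # Same command as in the post; nginx only picks up the new files on reload.
        /usr/bin/letsencrypt certonly --renew-by-default --webroot \
            -w /var/www/challenges \
            -d yuxuan.org -d www.yuxuan.org -d wang.yuxuan.org \
        && nginx -s reload
    fi
}

# Cron calls the script with --run; without it only the functions are defined.
if [ "${1:-}" = "--run" ]; then
    renew_if_due
fi
```

Run from crontab with the --run argument; a daily schedule then costs nothing until the certificate enters the renewal window.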
That's it! Please consider donating to Let's Encrypt!