On the fly SSL registration and renewal inside Nginx with Let’s Encrypt


On the fly (and free) SSL registration and renewal inside OpenResty/nginx with Let’s Encrypt.

This OpenResty plugin automatically and transparently issues SSL certificates from Let’s Encrypt (a free certificate authority) as requests are received. It works like this:

- An SSL request for an SNI hostname is received.
- If the system already has an SSL certificate for that domain, it is immediately returned (with OCSP stapling).
- If the system does not yet have an SSL certificate for this domain, it issues a new SSL certificate from Let’s Encrypt. Domain validation is handled for you. After receiving the new certificate (usually within a few seconds), the new certificate is saved, cached, and returned to the client (without dropping the original request).

This uses the ssl_certificate_by_lua functionality in OpenResty.
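
The flow above wired into an nginx configuration, as an added example that is not part of the original post. Because issuance is triggered by whatever SNI hostname a client sends, the allow_domain callback restricts it to hostnames you control. Assumptions: the example.com hostnames, the fallback certificate paths, the public resolver and the local hook port are placeholders to adapt.

```nginx
events { worker_connections 1024; }

http {
  lua_shared_dict auto_ssl 1m;            # certificate cache shared across workers
  lua_shared_dict auto_ssl_settings 64k;
  resolver 8.8.8.8;                       # assumption: any resolver nginx can reach

  init_by_lua_block {
    auto_ssl = (require "resty.auto-ssl").new()
    -- Only request certificates for hostnames we own; any other SNI value
    -- falls through to the fallback certificate (example.com is a placeholder).
    auto_ssl:set("allow_domain", function(domain)
      return ngx.re.match(domain, [[^(www\.)?example\.com$]], "ijo") ~= nil
    end)
    auto_ssl:init()
  }
  init_worker_by_lua_block { auto_ssl:init_worker() }

  server {
    listen 443 ssl;
    # Looks up the certificate for the SNI hostname, or issues one on the fly.
    ssl_certificate_by_lua_block { auto_ssl:ssl_certificate() }
    # nginx will not start without a static certificate; a self-signed one is enough.
    ssl_certificate /etc/ssl/resty-auto-ssl-fallback.crt;
    ssl_certificate_key /etc/ssl/resty-auto-ssl-fallback.key;
  }

  server {
    listen 80;
    # Answers the Let's Encrypt HTTP domain-validation requests.
    location /.well-known/acme-challenge/ {
      content_by_lua_block { auto_ssl:challenge_server() }
    }
  }

  server {
    # Internal endpoint used by the issuance hooks; keep it bound to loopback.
    listen 127.0.0.1:8999;
    client_body_buffer_size 128k;
    client_max_body_size 128k;
    location / {
      content_by_lua_block { auto_ssl:hook_server() }
    }
  }
}
```

Without an allow_domain restriction, any client that can reach port 443 can cause certificate requests for arbitrary hostnames pointed at the server, which can exhaust Let’s Encrypt rate limits.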


Used in production (but the internal APIs might still be in flux).



$ sudo luarocks install lua-resty-auto-ssl

# Create /etc/resty-auto-ssl and make sure it’s writable by whichever user

Original URL: http://feedproxy.google.com/~r/feedsapi/BwPx/~3/QT1JClT4yhg/lua-resty-auto-ssl
