On the fly (and free) SSL registration and renewal inside OpenResty/nginx with Let’s Encrypt.
This OpenResty plugin automatically and transparently issues SSL certificates from Let’s Encrypt (a free certificate authority) as requests are received. It works like:
A SSL request for a SNI hostname is received.
If the system already has a SSL certificate for that domain, it is immediately returned (with OCSP stapling).
If the system does not yet have an SSL certificate for this domain, it issues a new SSL certificate from Let’s Encrypt. Domain validation is handled for you. After receiving the new certificate (usually within a few seconds), the new certificate is saved, cached, and returned to the client (without dropping the original request).
This uses the ssl_certificate_by_lua functionality in OpenResty 188.8.131.52+.
Used in production (but the internal APIs might still be in flux).
$ sudo luarocks install lua-resty-auto-ssl
# Create /etc/resty-auto-ssl and make sure it’s writable by whichever user
Original URL: http://feedproxy.google.com/~r/feedsapi/BwPx/~3/QT1JClT4yhg/lua-resty-auto-ssl