diff --git a/security/letsencrypt/introduction/nginx.conf b/security/letsencrypt/introduction/nginx.conf
index ef5d1628f..d289af042 100644
--- a/security/letsencrypt/introduction/nginx.conf
+++ b/security/letsencrypt/introduction/nginx.conf
@@ -36,20 +36,20 @@ http {
}
- server {
- listen 443 ssl default_server;
- listen [::]:443 ssl default_server ;
- server_name marcel.guru;
- ssl_certificate /etc/letsencrypt/live/marcel.guru/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/marcel.guru/privkey.pem;
- root /usr/share/nginx/html/;
-
- location / {
- gzip off;
- root /usr/share/nginx/html/;
- index index.html;
- }
-
- }
+ # server {
+ # listen 443 ssl default_server;
+ # listen [::]:443 ssl default_server ;
+ # server_name marcel.guru;
+ # ssl_certificate /etc/letsencrypt/live/marcel.guru/fullchain.pem;
+ # ssl_certificate_key /etc/letsencrypt/live/marcel.guru/privkey.pem;
+ # root /usr/share/nginx/html/;
+
+ # location / {
+ # gzip off;
+ # root /usr/share/nginx/html/;
+ # index index.html;
+ # }
+
+ # }
}
diff --git a/security/letsencrypt/introduction/readme.md b/security/letsencrypt/introduction/readme.md
new file mode 100644
index 000000000..0160cc847
--- /dev/null
+++ b/security/letsencrypt/introduction/readme.md
@@ -0,0 +1,113 @@
+# Let's encrypt
+
+## Introduction
+To start off, I run an NGINX web server.
+This could be running anywhere in the cloud.
+
+```
+docker run -it -p 80:80 nginx bash
+
+# get my public IP for this server
+curl ifconfig.co
+
+# lets get out of the container
+exit
+
+```
+
+Now that we have the public IP for our server, lets start it up again
+This time, without bash
+We should be able to access it in the browser
+
+```
+docker run -it -p 80:80 nginx
+```
+
+In the video, we create a DNS record and point it to the IP of our server
+
+## Certbot
+
+The [docs](https://certbot.eff.org/)
+
+To build certbot, i simply change directory and build my certbot container
+
+```
+cd .\security\letsencrypt\introduction\
+
+docker build . -t certbot
+
+docker run -it --rm --name certbot `
+-v ${PWD}:/letsencrypt `
+-v ${PWD}/certs:/etc/letsencrypt `
+certbot bash
+
+```
+
+## NGINX
+
+We've customised our `nginx.conf` as shown in the video
+
+Run this NGINX, we mount the shared folder that certbot will use:
+
+```
+cd .\security\letsencrypt\introduction\
+
+docker run -it --rm --name nginx `
+-v ${PWD}/nginx.conf:/etc/nginx/nginx.conf `
+-v ${PWD}:/letsencrypt `
+-v ${PWD}/certs:/etc/letsencrypt `
+-p 80:80 `
+-p 443:443 `
+nginx
+
+```
+
+## Issue certificate
+
+In certbot, generate our cert:
+
+```
+certbot certonly --webroot
+
+# webroot is the folder we mounted: /letsencrypt
+
+# certificate outputs under etc/letsencrypt/live/**
+# since we share this volume with our webserver, we dont need to copy
+# certificates across.
+
+IMPORTANT NOTES:
+ - Congratulations! Your certificate and chain have been saved at:
+ /etc/letsencrypt/live/marcel.guru/fullchain.pem
+ Your key file has been saved at:
+ /etc/letsencrypt/live/marcel.guru/privkey.pem
+ Your cert will expire on 2020-12-03. To obtain a new or tweaked
+ version of this certificate in the future, simply run certbot
+ again. To non-interactively renew *all* of your certificates, run
+ "certbot renew"
+ - Your account credentials have been saved in your Certbot
+ configuration directory at /etc/letsencrypt. You should make a
+ secure backup of this folder now. This configuration directory will
+ also contain certificates and private keys obtained by Certbot so
+ making regular backups of this folder is ideal.
+ - If you like Certbot, please consider supporting our work by:
+
+ Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
+ Donating to EFF: https://eff.org/donate-le
+
+```
+
+## Renewal
+
+To do a dry run of cert renewal:
+
+```
+certbot renew --dry-run
+```
+
+Reload our NGINX web server if the certs change:
+
+```
+docker exec -it nginx sh -c "nginx -s reload"
+```
+
+Checkout the Certbot [docs](https://certbot.eff.org/instructions) for more details
diff --git a/security/letsencrypt/readme.md b/security/letsencrypt/readme.md
deleted file mode 100644
index 76751cde5..000000000
--- a/security/letsencrypt/readme.md
+++ /dev/null
@@ -1,52 +0,0 @@
-
-
-```
-docker run -it -v ${PWD}:/work -w /work nginx bash
-```
-
-```
-docker run -it --rm --name nginx -v ${PWD}/nginx.conf:/etc/nginx/nginx.conf `
--v ${PWD}:/letsencrypt `
--v ${PWD}/certs:/etc/letsencrypt `
--p 80:80 `
--p 443:443 `
-nginx
-
-```
-
-
-```
-docker build . -t certbot
-
-docker run -it --rm --name certbot `
--v ${PWD}:/letsencrypt `
--v ${PWD}/certs:/etc/letsencrypt `
-certbot bash
-
-certbot certonly --webroot
-```
-
-
-```
-IMPORTANT NOTES:
- - Congratulations! Your certificate and chain have been saved at:
- /etc/letsencrypt/live/marcel.guru/fullchain.pem
- Your key file has been saved at:
- /etc/letsencrypt/live/marcel.guru/privkey.pem
- Your cert will expire on 2020-12-03. To obtain a new or tweaked
- version of this certificate in the future, simply run certbot
- again. To non-interactively renew *all* of your certificates, run
- "certbot renew"
- - Your account credentials have been saved in your Certbot
- configuration directory at /etc/letsencrypt. You should make a
- secure backup of this folder now. This configuration directory will
- also contain certificates and private keys obtained by Certbot so
- making regular backups of this folder is ideal.
- - If you like Certbot, please consider supporting our work by:
-
- Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
- Donating to EFF: https://eff.org/donate-le
-
-```
-
-