Some hours ago decided to sit and secure my site. Also this is a requirement for HTTP/2.

So with Let’s Encrypt it has worked out like a charm. I have generated certificates over --webroot plugin. Added certificates to available nginx sites. By default HTTP is redirected to HTTPS with 301 Moved Permanently. HTTP/2 required a bit more moves but configuration itself was just: listen 443 ssl http2;.

From this moment Gitlab also works over HTTPS.

Chrome browser can show if site works with HTTP/2 with HTTP/2 and SPDY indicator.

For now browser green lock badge is acquired.

Later I need to check how renewal works with cron job.