How To Install Let’s Encrypt on Ubuntu With Nginx Server

Certificate Authority provides easy way to upload free TSL/SSL certificate on site. You can enable HTTPS on web server by Let’s Encrypt.
In this tutorial, we will use certbot to upload ssl certificate for Nginx on Ubuntu. The certificate is valid for 90 days, we will setup your certificate to renew automatically.

Installing Certbot

Don't Miss

We need to install Certbot software on your server to obtain an SSL certificate by using Let’s Encrypt. Ubuntu provides Certbot packages but it would be outdated.
Add the repository:

sudo add-apt-repository ppa:certbot/certbot

Update the package list to pick up the new repository’s package information:

sudo apt-get update

Now install the Certbot nginx package:

sudo apt-get install python-certbot-nginx

Or

sudo apt update

sudo apt install -y software-properties-common

sudo add-apt-repository universe

sudo apt update

Configure Nginx

We need to add server_name directive that matches the domain you are requesting a certificate for. We have to update default nginx. Open it with text editor and add your doamin name.

sudo nano /etc/nginx/sites-available/default

server {
  ....
    server_name yoursite.com www.yoursite.com;
  ....
}

Restart Nginx Server

Restart nginx server to reload new nginx configuration.

sudo service nginx restart

Allowing HTTPS through the Firewall

If we have enabled ufw firewall the we need to allow for HTTPS traffic. We can check status by below command:

sudo ufw status

Output:

Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
Nginx HTTP                 ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
Nginx HTTP (v6)            ALLOW       Anywhere (v6)

We have to allow the Nginx Full profile and then delete the Nginx HTTP profile:

sudo ufw allow 'Nginx Full'
sudo ufw delete allow 'Nginx HTTP'

Obtaining an SSL Certificate

We have to reconfigure nginx to obtain ssl.

sudo certbot --nginx -d yoursite.com -d www.yoursite.com

If we are running cerbot first time then we have to enter an email address and agress to the terms of service. After that, certbor will communicate with Lets’s Encrypt server then run a challange to verify that we control the domain. After success, cerbot will ask how you would like to configure HTTPS settings.

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
-------------------------------------------------------------------------------
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):

Select your choice then hit ENTER. Recommended choice 2. It will auto configure all setting and reload the nginx server with new settings. Now certbot will show success message and also show the path of stored certificates.

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/example.com/fullchain.pem. Your cert will
   expire on 2017-10-23. To obtain a new or tweaked version of this
   certificate in the future, simply run certbot again with the
   "certonly" option. To non-interactively renew *all* of your
   certificates, run "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Our certificates are downloaded, installed, and loaded. Now we can run the https://yoursite.com form browser. We can test ssl server by using SSL labs https://www.ssllabs.com/ssltest/analyze.html?d=yoursite.com&latest

Verifying Certbot Auto-Renewal

Let’s Encrypt’s certificates are valid for 90 days. We have to automate renew process. For this we are creating a file renew_lets_encrypt.sh into /usr/share/local/bin folder and add a symbolic link into /etc/cron.monthly. It will renew every month by dry run with certbot:
To test the renewal process, you can do a dry run with certbot:

sudo nano /usr/local/bin/renew_lets_encrypt.sh
#!/bin/bash
sudo certbot renew --dry-run
[/sourcecode]
sudo chmod 777 /usr/local/bin/renew_lets_encrypt.sh

After creating file, we have to add symbolic link by using below commad:

sudo ln -s /usr/local/bin/renew_lets_encrypt.sh /etc/cron.monthly/renew_lets_encrypt

LEAVE A REPLY

Please enter your comment!
Please enter your name here

564FansLike

Recent Posts

Concept of Session in Laravel Tutorial

Sessions are used to store details about the user throughout the requests. Laravel supplies various drivers like file, cookie, apc, array, Memcached, Redis, and database to handle session data. By default, file driver is used as a result of it's light-weight....

Laravel Url Generation Tutorial

Our web application revolves around routes and URLs. After all, they're what direct our users to our pages. At the end of the day, serving pages is what any web application should do. Our users may...

Concept of Laravel Views Tutorial

In MVC framework, the letter "V" stands for Views. It separates the application logic and presentation logic. Views are saved in resources/views listing. Generally, the view contains the HTML which might be served by the application.

Related Articles

Concept of Session in Laravel Tutorial

Sessions are used to store details about the user throughout the requests. Laravel supplies various drivers like file, cookie, apc, array, Memcached, Redis, and database to handle session data. By default, file driver is used as a result of it's light-weight....

Laravel Url Generation Tutorial

Our web application revolves around routes and URLs. After all, they're what direct our users to our pages. At the end of the day, serving pages is what any web application should do. Our users may...

Concept of Laravel Views Tutorial

In MVC framework, the letter "V" stands for Views. It separates the application logic and presentation logic. Views are saved in resources/views listing. Generally, the view contains the HTML which might be served by the application.
WP2Social Auto Publish Powered By : XYZScripts.com