Configure Let's Encrypt + Nginx in Ubuntu
JPBlancoDB
Posted on November 7, 2019
Step-by-step guide to install Let's Encrypt certificate
Translated into: Español
First, let's briefly define what Let's Encrypt is for by quoting them.
Let’s Encrypt is a free, automated, and open Certificate Authority.
In summary, with Let's Encrypt we obtain a secure domain certificate (SSL) for our site and for free.
Steps:
- Install Certbot in the server:
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-nginx
- We need to modify nginx file (we are going to use the default file for simplicity):
sudo nano /etc/nginx/sites-available/default
Search and replace the line that contains server_name
with:
server_name domain.com www.domain.com;
Verify nginx configuration is correct:
sudo nginx -t
- Restart Nginx:
sudo systemctl reload nginx
- Installing the certificate:
sudo certbot --nginx -d domain.com -d www.domain.com
sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
sudo nano /etc/nginx/sites-available/default
Add in the server section:
ssl_dhparam /etc/ssl/certs/dhparam.pem;
Let's verify again that our configuration is correct:
sudo nginx -t
Restart Nginx:
sudo systemctl reload nginx
- Finally, we need to automatically renew our certificate because it expires every 90 days:
sudo crontab -e
and add:
15 3 \* \* \* /usr/bin/certbot renew –quiet
Done! We have our domain secure with SSL.
Lastly, we could verify the state of our certificates with certbot by executing this command:
certbot certificates
I hope this is helpful! If you have any doubts you could contact me via Twitter or by adding a comment :)
Translated into Español
Posted on November 7, 2019
Join Our Newsletter. No Spam, Only the good stuff.
Sign up to receive the latest update from our blog.