In this tutorial, we will learn how to use LetsEncrypt to obtain a free SSL certificate for your Nginx web server. LetsEncrypt is a free certificate authority that provides a set of tools to manage SSL in your server and it’s absolutely free. If your web application is not using SSL, then this is a must-read tutorial for you.
Prerequisites
- Server running Ubuntu 18.04. You can create a free server on DigitalOcean.
- A domain name.
Step 1 – Getting Server ready
First, update the server.
sudo apt-get upgrade
This will take a few minutes.
Let’s install Nginx.
The Nginx files are located at /etc/nginx directory.
We need to install the software called Certbot that will help us in the SSL setup.
First, add the repository.
Press ENTER to accept.
Install Certbot software.
Now our Server is ready to obtain an SSL certificate.
Step 2 – Configure Nginx
Create a new file called yourdomain.conf and place it in /etc/nginx/conf.d directory. Paste the configuration shown below.
listen 80;
listen [::]:80;
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
server_name yourdomain.com www.yourdomain.com;
location / {
try_files $uri $uri/ =404;
}
}
This is as basic as it can get.
Save the file.
Run the test using Nginx.
If everything is good, restart the Nginx server.
Now, allow the Nginx services on the firewall. Run these command one by one.
sudo ufw delete allow 'Nginx HTTP'
Then check the status to reconfirm.
Check the Nginx Full key.
Step 3 – Obtaining a SSL certificate
Now everything is setup, run this command to get the SSL certificate for your domain.
Replace yourdomain.com with your own domain name.
If everything goes well, you will receive the following output.
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
-------------------------------------------------------------------------------
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):
I suggest you use option 2 and press ENTER.
Certbot now will download your SSL certificate and re-configure your Nginx configuration automatically.
Try reloading your website, you should be seeing https:// before your domain name.
Step 4 – Verify Auto-Renewal
LetsEncrypyt certificates are only valid for 3 months and Certbot software automatically renew your SSL. We can also check whether this is working or not using the following command.
If you see no errors, you are good to go. Enjoy free SSL for a lifetime!
If in future any errors come up, Certbot will email you about it on the specified email address.
Conclusion
In this tutorial, we studied how to use LetsEncrypt service to obtain and manage a free SSL certificate. SSL is mandatory now for any public applications and you should have it to secure your user’s data over the internet.
