How to Install free SSL on your Subdomain using LetsEncrypt

Codeforgeek runs on headless WordPress. What that means is we only use WordPress to manage content and front-end is serving the content separately.

If you are interested in Codeforgeek technology stack then have a look at this article.

Our WordPress server runs on a different sub-domain and on a separate Server. We had to install SSL for a sub-domain since it’s running on a separate server and we can’t use wild care certificate in this particular scenario.

If your situation is similar to mine then this article is for you.

Let’s follow it step by step.

Step 1: Check Nginx Configuration file

Make sure your configuration file of Nginx is proper and you have your subdomain placed in the server_name field.

server {
     listen 443 ssl http2;
     server_name subdomain.domain.com;
     ......
     ......
     rest of the setting
}

Step 2: Install LetsEncrypt

To install LetsEncrypt in your Server, run the following command.

sudo add-apt-repository ppa:certbot/certbot

Then,

sudo apt-get update

Then install Certbot.

sudo apt-get install python-certbot-nginx

Step 3: Obtain SSL for subdomain

Run the following command to generate an SSL certificate for your subdomain.

certbot -d subdomain.domain.com --manual --preferred-challenges dns certonly

Let me explain the command.

-d – pass the subdomain.
–manual – manual authentication method.
–preferred-challenges dns – Use DNS authentication method. You need to manually add the DNS value to verify that you own the subdomain.

I am using the DNS method here because to me it’s simple and straight forward.

Once you run the command. Letsencrypt will probably ask your e-mail address and then it will generate a TXT record.

Copy the TXT record and go to your DNS provider. If you are using Cloudflare, you can simply add the values TXT record in the DNS section.

Once you have added the DNS record. Hit the enter to verify.

After verification, you will have your SSL file generated at the following location.

/etc/letsencrypt/live/subdomain.domain.com/fullchain.pem;
/etc/letsencrypt/live/subdomain.domain.com/privkey.pem;

Awesome. Now add the SSL file in the Nginx configuration and you restart the Nginx Server.

server {
     listen 443 ssl http2;
     server_name subdomain.domain.com;
     ssl_certificate /etc/letsencrypt/live/subdomain.domain.com/fullchain.pem;
     ssl_certificate_key /etc/letsencrypt/live/subdomain.domain.com/privkey.pem;
     ......
     ......
     rest of the setting
}

Test Nginx configuration.

sudo nginx -t

Then, restart Nginx Server.

sudo service nginx restart

You should have an SSL enabled in your subdomain now.