Setup LetsEncrypt for Nginx using Certbot for Free SSL Certificate

Learn to set up Let’s Encrypt on an Nginx web server using the Certbot program on an Ubuntu cloud server, for a free SSL certificate that auto-renews and secures HTTP requests to the website.

Having an SSL certificate on the domain name is really important. Thankfully, we can generate and add a free SSL certificate using LetsEncrypt for Nginx.

The certificate shows the credibility of the website. It also helps in improving search engine ranking, as Google has made it one of the ranking factors.

In this article, we will learn how to install and set up Let’s Encrypt for Nginx using the Certbot program. This will let us enable the security certificate on the domain address and serve requests over secured HTTP (HTTPS).

If you’re not aware, this is the fifth article and video demo of the #CloudServer series. We have recently published an article on how to install and configure Postfix with Gmail SMTP relay for SEND-only action.

Let’s dive into the topic by installing and configuring Let’s Encrypt with the Nginx web server:

What is Let’s Encrypt?

Per Wikipedia

Let’s Encrypt is a non-profit certificate authority run by Internet Security Research Group that provides X.509 certificates for Transport Layer Security encryption at no charge.

The certificate is valid for 90 days, during which renewal can take place at any time. We can generate the certificate using a program called Certbot which will also help in automatic renewal 30 days before expiration.

The SSL certificate is 100% free and forever!

Pre-requisite for LetsEncrypt Nginx

Before we get started with installing LetsEncrypt, we need to make sure that our Nginx configuration is correctly set. The certbot program directly reads from and writes to the Nginx configuration file.

The important setting we need to check is that server_name is set to the domain name. Since we have set up the LEMP stack to read from the Nginx default file, we will verify it there.

Open the Nginx configuration file using nano editor:

sudo nano /etc/nginx/sites-available/default

Check if the server_name is set with your domain address. In my setup, it should be:

server_name demo.restorebin.com;

If you’ve changed the server name to your domain address, test the configuration file using the command below:

sudo nginx -t

If everything looks OK, restart Nginx using the command below to apply the changes on the server.

sudo service nginx restart
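
A pre-flight check for the prerequisite above, added here as an example and not part of the original article: it confirms the domain is listed in an uncommented server_name directive before certbot is run. The names has_server_name and sample_conf are hypothetical, and the sample configuration is constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the article; has_server_name and sample_conf are
# hypothetical names, and the configuration text is constructed.

# has_server_name <domain> <nginx_conf>
# Exit 0 if an uncommented server_name directive lists <domain> exactly
# (case-insensitive). Wildcard and regex names are not expanded.
has_server_name() {
    awk -v want="$1" '
        { sub(/#.*/, "") }                      # ignore comments
        {
            for (i = 1; i <= NF; i++) {
                tok = $i
                if (!in_sn) {                   # look for the directive
                    if (tok == "server_name") in_sn = 1
                    continue
                }
                last = sub(/;$/, "", tok)       # ";" ends the directive
                if (tolower(tok) == tolower(want)) found = 1
                if (last) in_sn = 0
            }
        }
        END { exit !found }
    ' "$2"
}

# Constructed sample: the stock placeholder "_" plus a commented-out name.
sample_conf() {
    cat <<'EOF'
server {
    listen 80 default_server;
    # server_name demo.restorebin.com;
    server_name _;
    return 301 https://$server_name$request_uri;
}
server {
    listen 80;
    server_name example.com
                www.example.com;
}
EOF
}

# Usage: has_server_name demo.restorebin.com /etc/nginx/sites-available/default \
#          && sudo certbot --nginx -d demo.restorebin.com
```

A non-zero exit status here means the file still carries the placeholder or a commented-out name, so the domain should be fixed in the server block before requesting a certificate.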

Install Certbot for Let’s Encrypt

Now that we are all good with Nginx, let’s start installing the Let’s Encrypt certificate on the server. As I mentioned, we will be using the Certbot program to manage the free SSL encryption.

Let’s start off by updating the repository and installing the prerequisite software.

sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository universe

Now add the certbot repository to apt so that certbot can be fetched and upgraded in future.

sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update

Install the certbot program on the Ubuntu cloud server using the command below.

sudo apt-get install certbot python-certbot-nginx

Once the installation is completed, run the command below to generate the certificate. This will also modify the Nginx server block configuration file to enable the HTTP to HTTPS redirection and to point at the live certificate locations.

sudo certbot --nginx -d example.com -d www.example.com

In my case, I will be installing a certificate only at demo.restorebin.com.

sudo certbot --nginx -d demo.restorebin.com

You’ll be prompted to enter a few details while generating the certificate specific to your domain name.

In the process, you will also be asked how to handle HTTP traffic, with two options:

  1. No redirect – Make no further changes to the web server configuration.
  2. Redirect – Make all requests redirect to secure HTTPS access.

You should choose the second option to make the website or blog more secure and redirect HTTP traffic to HTTPS, which also avoids the duplicate content issue of serving both HTTP and HTTPS versions.

Test Domain SSL Certificate

Once the certificate is generated successfully, you can test its authenticity and score at SSLLabs.com. Copy and paste the URL into the browser in the format below, replacing the domain name with yours.

For www.example.com at:

https://www.ssllabs.com/ssltest/analyze.html?d=www.example.com

For example.com at:

https://www.ssllabs.com/ssltest/analyze.html?d=example.com

I will be testing the SSL certificate for demo.restorebin.com at the URL below.

https://www.ssllabs.com/ssltest/analyze.html?d=demo.restorebin.com

The test will take a few minutes to complete. It will check all the parameters and configuration, including the Nginx configuration.

Do not expect a perfect A+ score; we haven’t yet configured Nginx with the additional security setup. We will cover that in a later part of the series.

Renew LetsEncrypt Certificate for Nginx

A Let’s Encrypt certificate is issued for 90 days only. If we do not renew the certificate, it expires after 90 days. Thankfully, the certbot program can automatically renew the SSL certificate 30 days prior to expiration.

You can also check the validity of the certificate by clicking the padlock beside the domain name and selecting the certificate.

When certbot is installed, it also adds a cron job that checks the certificate validity daily.

We can check whether certificates need renewal by running the dry run command.

sudo certbot renew --dry-run

This command only simulates the certificate renewal; it does not update the existing certificates.

If you want to renew the certificate immediately, you can run the following command without the dry run flag:

sudo certbot renew

You can also view the installed certificates for all the domains on your server using the command below:

sudo certbot certificates

This will also display the information about certificate expiration due date.
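
To confirm that automatic renewal is actually happening, the certificate's expiry date can be compared against the 30-day renewal window described above. This is an added example, not part of the original article; it assumes GNU date and the openssl CLI, the function names are hypothetical, and /etc/letsencrypt/live/<domain>/cert.pem is certbot's default certificate location.

```sh
#!/bin/sh
# Added example, not from the article. Assumes GNU date and the openssl CLI.
# Function names are hypothetical.

RENEW_WINDOW_DAYS=30   # the article: certbot renews 30 days before expiry

# expiry_epoch "<notAfter=... line>" -> expiry as Unix time, or exit status 3
expiry_epoch() (
    not_after=${1#notAfter=}
    # An empty string would be parsed by date as "today", so reject it first.
    [ -n "$not_after" ] || exit 3
    date -u -d "$not_after" +%s 2>/dev/null || exit 3
)

# renewal_state "<notAfter=... line>" [now_epoch]
# Prints ok | renewal-due | expired | unparseable (exit status 0/1/2/3).
renewal_state() (
    now=${2:-$(date +%s)}
    expiry=$(expiry_epoch "$1") || { echo unparseable; exit 3; }
    left=$(( expiry - now ))
    if [ "$left" -le 0 ]; then
        echo expired; exit 2
    elif [ "$left" -le $(( RENEW_WINDOW_DAYS * 86400 )) ]; then
        # Inside the window certbot's scheduled run should replace the
        # certificate; staying in this state means renewal is failing.
        echo renewal-due; exit 1
    fi
    echo ok
)

# days_left "<notAfter=... line>" [now_epoch] -> whole days until expiry
days_left() (
    now=${2:-$(date +%s)}
    expiry=$(expiry_epoch "$1") || exit 3
    echo $(( (expiry - now) / 86400 ))
)

# check_cert <domain> [pem_path]; the default is certbot's live directory,
# which is readable by root only.
check_cert() (
    pem=${2:-/etc/letsencrypt/live/$1/cert.pem}
    line=$(openssl x509 -enddate -noout -in "$pem") || exit 4
    state=$(renewal_state "$line") && rc=0 || rc=$?
    echo "$1: $state, $(days_left "$line") days left ($line)"
    exit "$rc"
)

# Usage: sudo sh cert-expiry.sh demo.restorebin.com
if [ $# -gt 0 ]; then check_cert "$@"; fi
```

Run from a monitoring job, a persistent renewal-due result is the early warning that the scheduled renewal has stopped working, well before visitors see an expired certificate.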

What’s next in #CloudServer series?

I hope this article was helpful. Next, we are going to cover how to secure our Ubuntu cloud server using a firewall. We will be installing and configuring the UFW program for firewall security.
