Let's Encrypt is a free service that provides SSL certificates, which are used to secure websites by enabling HTTPS. This means that the data sent between your web browser and the website is encrypted, making it private and secure. The process of getting and renewing these certificates is automated and straightforward, often done using a tool called Certbot
*Perequisite *
Resgistered domain
Ubuntu server
1. Update Package List
- SSH ito your ubuntu instance
- Update and install package list to ensure you have the latest information about avalaible packages
Install Ngnix using the package manager
- Run this commands below to start the Ngnix service and check the status
Expected output
sample of Ngnix webpage without domain name
2.Configure Firewall
- Allow http and https traffic through the firewall
3.Create a hosted zone in route 53 (if not created already)
-open the amazon route 53 console(see image below)
-Enter your domain name
- once hosted zone is created,get name servers information(note the four nameservers provivded by route 53. see image below)
- Update name server in your domain registrar's website (for this project I used GoDaddy). Find the DNS settings or nameserver settings for your domain and replace the existing server with the foure nameservers provided by route 53
-Add DNS records in Route 53
on Route 53 go to "create record button"see image below(make sure to replace with your domain and Ip address)
4.Configure Ngnix for Your Domain
create a new configuration file for your domain in Ngnix
- Add the following content below, replace with your domain name
Create a symbolic link to enable your configuration
use command below to test configuration to ensure there are no syntax errors
Create a root document. This ensures the webser knows exactly where to find the files requested by users, providing a consistent and reliable way to serve web content- See command below
Change ownership of the directory and its contents. This ensures that the user has full control over the files and directories and that the webserver can serve content correctly
Run this command to create an index.html file to test your configuration
Run this command to enable your configuration(ensure to replace with your own domain name )
Run this command below to to test configuration and relod Ngnix
-open browser to verify setup using your domain (http://your_domain). you should be able to see if your website is configured correctly.
The image below displayed a "Not secure" warning on the website when we accessed over HTTP, meaning that any data exchanged between the users browser and the server can be intercepted and read by third parties.
5.Secure Your Website with HTTPS
we will be using lets encrypt for this tutorial
-Before using Snap to install Certbot, check if Certbot is already installed with apt and remove it if it is. This ensures that the Snap version of Certbot will be used instead of the one from your operating system's package manager
- Run this command to instal Certbot
Run this command sudo ln -s /snap/bin/certbot /usr/bin/certbot to make sure you can execute the Certbot command. This links the path to the Certbot binary file.
Run the command
sudo certbot --nginxto obtain a certificate and automatically configure Nginx with Certbot. During the process, you will be prompted to:
- Enter your email address.
- Read and accept the terms and conditions of Let’s Encrypt by typing y to proceed.
- Type y to allow notifications.
- Choose your domain name or enter it manually.
The output should look like the image below.
The Certbot packages on your system include a scheduled task that automatically renews your certificates before they expire. You don't need to run Certbot again unless you change your settings. To test the automatic renewal, run this command
To check if your site is set up correctly, go to https://yourwebsite.com/ in your browser and look for the lock icon in the address bar.
*Conclusion *
By securing your website with HTTPS, you not only protect your user's data but also improve your sites credibility, SEO, and overall user experience.
Top comments (0)