loading...

Configure Let's Encrypt + Nginx in Ubuntu

jpblancodb profile image JPBlancoDB ・2 min read

Step-by-step guide to install Let's Encrypt certificate

Translated into: Español

First, let's briefly define what Let's Encrypt is for by quoting them.

Let’s Encrypt is a free, automated, and open Certificate Authority.

In summary, with Let's Encrypt we obtain a secure domain certificate (SSL) for our site and for free.

Steps:

  1. Install Certbot in the server:
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-nginx
  1. We need to modify nginx file (we are going to use the default file for simplicity):
sudo nano /etc/nginx/sites-available/default

Search and replace the line that contains server_name with:

server_name domain.com www.domain.com;

Verify nginx configuration is correct:

sudo nginx -t
  1. Restart Nginx:
sudo systemctl reload nginx
  1. Installing the certificate:
sudo certbot --nginx -d domain.com -d www.domain.com
sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
sudo nano /etc/nginx/sites-available/default

Add in the server section:

ssl_dhparam /etc/ssl/certs/dhparam.pem;

Let's verify again that our configuration is correct:

sudo nginx -t

Restart Nginx:

sudo systemctl reload nginx
  1. Finally, we need to automatically renew our certificate because it expires every 90 days:
sudo crontab -e

and add:

15 3 \* \* \* /usr/bin/certbot renew –quiet

Done! We have our domain secure with SSL.

Lastly, we could verify the state of our certificates with certbot by executing this command:

certbot certificates

I hope this is helpful! If you have any doubts you could contact me via Twitter or by adding a comment :)

Translated into Español

Posted on by:

jpblancodb profile

JPBlancoDB

@jpblancodb

Developer, writing tech articles. Football fan and terrible defender. He/him.

Discussion

markdown guide
 

LetsEncrypt have revoked around 3 million certs last night due to a bug that they found. Are you impacted by this, Check out ?

DevTo
[+] dev.to/dineshrathee12/letsencrypt-...

GitHub
[+] github.com/dineshrathee12/Let-s-En...

LetsEncryptCommunity
[+] community.letsencrypt.org/t/letsen...