DEV Community

loading...

A simple way to create an SSL certificate with Let's Encypt

keikesu0122 profile image keikesu0122 ・2 min read

What is an SSL certificate?

SSL, which stands for secure sockets layer, has two main roles. The first role is to acknowledge the validity of a web server. In other words, an SSL certificate ensures that the web server does exist. The second role is to encrypt between the web server and web clients. Without an SSL certificate, your credential information has a risk of being stolen because it is not encrypted. An SSL certificate ensures a safe communication on the Internet.

How does SSL secure the safety?

1.A web client (browser) attempts to access a web server.

2.The server sends its SSL certificate and public key to the browser.

3.Checking the validity of the certificate, the browser creates a common key.

4.Encrypting the common key with the public key, the browser sends the common key to the server.

5.The server decrypts the encrypted common key and keeps it.

After the process above, the communication between the server and browser is always encrypted with the common key.

How can you get an SSL certificate for your website?

Let's Encrypt is an easy solution to create an SSL certificate

1.Install the client software of Let's Encrypt, or certbot

 $ sudo yum install epel-release
 $ sudo yum install certbot
Enter fullscreen mode Exit fullscreen mode

2.Create an SSL certificate

certbot certonly --standalone -d www.example.com
Enter fullscreen mode Exit fullscreen mode

You can use the --standalone option only when your web server such as apache and nginx is off. If you want to run this command with the web server on, you have to use the --webroot option.

 $ certbot certonly --webroot -w /var/www/www.example.com -d www.example.com
Enter fullscreen mode Exit fullscreen mode

You need to add the document root after the -w.
If you want to cover multiple domains, you can simply add the -d option as follows

certbot certonly --standalone -d www.example.com -d www2.example.com
Enter fullscreen mode Exit fullscreen mode

3.Change your web server configuration

You need to add the following configuration to /etc/nginx/conf.d/default.conf.

server {
    listen 443 ssl;
    server_name www.example.com;
    root /var/www/www.example.com/current/web;
    ssl_certificate /etc/letsencrypt/live/www.example.com/privkey.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.example.com/fullchain.pem;
}
Enter fullscreen mode Exit fullscreen mode

4.Restart your web server

sudo systemctl restart nginx
Enter fullscreen mode Exit fullscreen mode

At this point, you can access to your website with HTTPS.

Discussion (0)

pic
Editor guide