Secure Nginx With Let's Encrypt SSL Certificate On Ubuntu 18.04

What is an SSL Certificate?

Over time, cases of internet-related security breaches have been on the rise as hackers continue working round the clock to steal user data for malicious purposes. An SSL certificate is a digital certificate installed on a web server, primarily to encrypt data sent between the user's browser and the server so that only the intended recipient can read it. This is crucial because, without encryption, information is sent as plain text and can easily be intercepted by hackers.

For this reason, most e-commerce stores and online payment platforms such as PayPal encrypt their websites. An SSL certificate also allows for authentication and ensures that information is sent to the right server and not a hacker.

Google Likes Secure Sites

An SSL certificate helps your site rank higher in Google. According to Certbot on our server. In this example, we will use the Ubuntu software repository that contains all the updated files. To add the Certbot repository, run the following command.

$ sudo add-apt-repository ppa:certbot/certbot


Installing Certbot

To make the system repositories aware of the changes made, please update the system.

$ sudo apt update

Step 3. Install Certbot Nginx package

We are then going to install the Certbot Nginx package. To achieve this, run the command below:

$ sudo apt-get install python-certbot-nginx


Step 4. Updating Firewall to allow HTTPS traffic

For SSL to work, we need to allow HTTPS traffic through the firewall on port 443. Let’s first check the status of the firewall.

$ sudo ufw status


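Before we enable the firewall, let’s first allow “Nginx Full”, which takes care of both HTTP and HTTPS. If you manage this server over SSH, make sure an SSH allow rule is in place as well before enabling the firewall, or your session will be cut off.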

$ sudo ufw allow 'Nginx Full'


Let us now enable the ufw firewall. Hit ‘y’ when prompted.

$ sudo ufw enable


Let’s verify if the rules were added to the firewall.

$ sudo ufw status


Step 5. Generating SSL certificate

The last part is the generation of the Let’s Encrypt SSL certificate. To achieve this, use the syntax below.

$ sudo certbot --nginx -d example.com -d www.example.com

This will generate the SSL certificate that will be valid for example.com as well as www.example.com.

In our case, we shall have:

$ sudo certbot --nginx -d crazytechgeek.info -d www.crazytechgeek.info


If you are running Certbot for the first time, you will first be prompted to enter an email address.

Certbot will then contact the Let’s Encrypt server, which will try to verify that you control the domain you are requesting a certificate for.


Next, press A to agree to the terms of service.


Next, you will be asked whether you would like your email address to be shared with EFF. Here, you can either decide to opt in or out.


The next step is the one that matters most. This is where you are asked whether to redirect HTTP requests to HTTPS. Select the second option.


If all went well, you will get a confirmation message.


Wonderful! You have successfully installed a Let’s Encrypt SSL certificate on your Nginx web server.

To verify this, go to your server’s address in the browser and refresh.


Take note that the URL has changed from HTTP to HTTPS at the beginning. To view more information about the SSL certificate, click on the padlock symbol and select ‘Certificate’ option.


Renew Let’s Encrypt SSL Certificate

A Let’s Encrypt certificate is valid for 90 days. This means renewal is due after 3 months. Renewal is handled automatically by the Let’s Encrypt client, Certbot. To test the renewal process, do a dry run with Certbot as shown.

$ sudo certbot renew --dry-run


If there are no errors, everything went according to plan and the auto-renewal will take place as needed. All messages about certificate expiration will be sent to the email address specified during configuration.
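To confirm the result from the command line rather than the browser, the following added example (not part of the original article) checks that plain HTTP is redirected to HTTPS and reports how many days the served certificate has left. The function names are illustrative, and GNU `date`, `curl` and `openssl` are assumed to be installed.

```bash
#!/usr/bin/env bash
# Added example, not from the original article. Function names are
# illustrative; pass your own domain as the first argument.

# Print whole days between a reference time and the certificate's end date.
# $1: line as printed by `openssl x509 -noout -enddate` (notAfter=...)
# $2: reference time in epoch seconds (defaults to the current time)
days_left() {
    local not_after="${1#notAfter=}"
    local now="${2:-$(date +%s)}"
    local end
    end=$(date -u -d "$not_after" +%s) || return 2
    echo $(( (end - now) / 86400 ))
}

# Succeed only when the response headers in $1 are a permanent redirect
# (301 or 308) whose Location is an https:// URL, which is what the
# redirect option chosen during the Certbot run should produce.
redirects_to_https() {
    local headers
    headers=$(printf '%s\n' "$1" | tr -d '\r')
    printf '%s\n' "$headers" | head -n1 | grep -Eq '^HTTP/[0-9.]+ 30[18]' || return 1
    printf '%s\n' "$headers" | grep -Eiq '^location:[[:space:]]*https://'
}

# Live check: fetch the served certificate and the plain-HTTP response.
check_site() {
    local host="$1" enddate headers
    enddate=$(echo | openssl s_client -connect "$host:443" -servername "$host" 2>/dev/null \
              | openssl x509 -noout -enddate) || return 2
    headers=$(curl -sI "http://$host/") || return 2
    echo "certificate days left: $(days_left "$enddate")"
    if redirects_to_https "$headers"; then
        echo "HTTP is redirected to HTTPS"
    else
        echo "HTTP is NOT redirected to HTTPS"
        return 1
    fi
}

# Run the live check only when a host name is given on the command line.
if [ $# -gt 0 ]; then
    check_site "$1"
fi
```

With a 90-day certificate, a days-left figure that keeps falling toward zero between runs means the automatic renewal is not running.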
