Secure Nginx With Let's Encrypt SSL Certificate On Ubuntu 18.04
What is SSL Certificate?
Over time, cases of internet-related security breaches have been on the rise as hackers continue working round the clock to steal user data for malicious purposes. An SSL certificate is a digital certificate that is installed on website servers primarily for encrypting data sent between the user's browser and the server so that only the intended recipient can access it. This is crucial because, without encryption, information is sent as plain text and can easily be intercepted by hackers.
For this reason, most e-commerce stores and online payment platforms such as PayPal encrypt their websites. An SSL certificate also allows for authentication and ensures that information is sent to the right server and not to a hacker.
Google Likes Secure Sites
An SSL certificate helps to rank your site higher in Google. According to Certbot on our server. In this example, we will use the Ubuntu software repository that contains all the updated files. To add the Certbot repository, run the following command.
$ sudo add-apt-repository ppa:certbot/certbot
To make the system repositories aware of the changes made, please update the system.
$ sudo apt update
Step 3. Install the Certbot Nginx package
We are then going to install the Certbot Nginx package. To achieve this, run the command below:
$ sudo apt-get install python-certbot-nginx
Step 4. Updating Firewall to allow HTTPS traffic
For SSL to work, we need to allow HTTPS traffic through the firewall on port 443. Let’s first check the status of the firewall.
$ sudo ufw status
Before we enable the firewall, let’s first allow “Nginx Full” which will take care of both HTTP and HTTPS.
$ sudo ufw allow 'Nginx Full'
Let us now enable the ufw firewall. Hit ‘y’ when prompted.
$ sudo ufw enable
Let’s verify if the rules were added to the firewall.
$ sudo ufw status
Step 5. Generating SSL certificate
The last part is the generation of the Let’s Encrypt SSL certificate. To achieve this, use the syntax below.
$ sudo certbot --nginx -d example.com -d www.example.com
This will generate the SSL certificate that will be valid for example.com as well as www.example.com.
In our case, we shall have:
$ sudo certbot --nginx -d crazytechgeek.info -d www.crazytechgeek.info
If you are running Certbot for the first time, you will first be prompted to enter an email address.
Certbot will then contact the Let’s Encrypt server, which will try to verify that you control the domain you are requesting a certificate for.
Next, press A to agree to the terms of service.
Next, you will be asked whether you would like your email address to be shared with EFF. Here, you can either decide to opt in or out.
The next step is the one that matters most. This is the point where you choose whether to redirect HTTP requests to HTTPS. Select the second option.
If all went well, you will get a message confirming that the certificate was installed.
Wonderful! You have successfully installed a Let’s Encrypt SSL certificate on your Nginx web server.
To verify this, go to your server’s address in the browser and refresh.
Take note that the URL now begins with HTTPS instead of HTTP. To view more information about the SSL certificate, click on the padlock symbol and select the ‘Certificate’ option.
Renew Let’s Encrypt SSL Certificate
A Let’s Encrypt certificate is valid for 90 days. This means renewal is after 3 months. Renewal is done automatically by Let’s Encrypt. To test the renewal process, do a dry run with Certbot as shown.
$ sudo certbot renew --dry-run
If there are no errors, everything went according to plan and the auto-renewal will take place as needed. All messages about CA expiration will be sent to the email address specified during configuration.
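A dry run only shows that renewal can work today. The script below is an added example, not part of the original article: it reads the listing printed by `sudo certbot certificates` and flags any certificate that is invalid or has fewer than a chosen number of days left, which is the sign that auto-renewal has stopped working. The function names, the sample listing and the thresholds are constructed for illustration.

```bash
# Added example: report certificates that Certbot has not renewed in time,
# reading `certbot certificates` output on stdin.

# Constructed sample in the layout printed by `sudo certbot certificates`.
sample_output() {
cat <<'EOF'
Found the following certs:
  Certificate Name: example.com
    Domains: example.com www.example.com
    Expiry Date: 2019-03-01 10:15:02+00:00 (VALID: 62 days)
    Certificate Path: /etc/letsencrypt/live/example.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/example.com/privkey.pem
  Certificate Name: shop.example.com
    Domains: shop.example.com
    Expiry Date: 2019-01-09 08:00:41+00:00 (VALID: 11 days)
    Certificate Path: /etc/letsencrypt/live/shop.example.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/shop.example.com/privkey.pem
  Certificate Name: old.example.com
    Domains: old.example.com
    Expiry Date: 2018-12-01 07:30:00+00:00 (INVALID: EXPIRED)
    Certificate Path: /etc/letsencrypt/live/old.example.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/old.example.com/privkey.pem
EOF
}

# check_certs MIN_DAYS: print one status line per certificate and return
# non-zero if any certificate is invalid or has fewer than MIN_DAYS left.
check_certs() {
  awk -v min="$1" '
    /Certificate Name:/ { name = $3 }
    /Expiry Date:/ {
      status = substr($0, index($0, "(") + 1)   # text inside the outer ( )
      sub(/\)[ \t\r]*$/, "", status)
      if (status ~ /^VALID: [0-9]+ day/) { split(status, f, " "); days = f[2] + 0 }
      else if (status ~ /^VALID:/) days = 0   # "N hour(s)": less than a day left
      else days = -1                          # INVALID: EXPIRED, REVOKED, TEST_CERT
      if (days < 0)        { print "FAIL " name " " status; bad = 1 }
      else if (days < min) { print "WARN " name " " days " day(s) left"; bad = 1 }
      else                 { print "OK " name " " days " day(s) left" }
    }
    END { exit bad + 0 }
  '
}

# Demo on the constructed sample; on a server: sudo certbot certificates | check_certs 21
sample_output | check_certs 30 || echo "renewal needs attention"
```

Because the function returns non-zero on any WARN or FAIL line, it can be run from cron or a monitoring agent and alert on the exit status alone.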