Install Certbot / LetsEncrypt SSL Certificates for Ubuntu & Nginx.

Using an SSL certificate and HTTPS is incredibly important, not only for security but also for credibility, since recent browser updates display “not secure” on sites accessed over HTTP.  This guide will walk you through installing LetsEncrypt and provisioning an SSL certificate.  For the sake of this tutorial, I am provisioning an SSL certificate for one of my parked domains, and I set up the DNS for all the subdomains earlier.

For this article, we are assuming the following:

  1. Your domain name is registered, and DNS for the root domain as well as any subdomains you want to issue a certificate for is pointed towards the server you will be performing these steps on.
  2. You have root or sudo access to the server.

1. Install the certbot-auto client for LetsEncrypt

We are going to install the certbot client to the /usr/sbin directory.  Enter the following commands to install the client:

cd /usr/sbin

sudo wget https://dl.eff.org/certbot-auto -O /usr/sbin/certbot-auto

sudo chmod a+x /usr/sbin/certbot-auto

2. Provision and install an SSL certificate

Run the following command to provision an SSL certificate.  For each domain/subdomain you want included in the certificate, add -d yourdomain.ext or -d subdomain.yourdomain.ext.

Tip: Always use the root domain first (-d domainname.ext)

sudo certbot-auto certonly -d wpsitedesign.com.au -d www.wpsitedesign.com.au -d mail.wpsitedesign.com.au -d dev.wpsitedesign.com.au

Approve the installation of any dependencies and you will end up at a screen where you select an authentication method.  I prefer to select 1 for the Nginx plugin, but you can use other authentication methods if you would prefer.

If it is your first certificate on this machine, you will need to enter an email address for account registration and accept the terms to proceed.

Your certificate will be stored at /etc/letsencrypt/live/yourdomain.ext/fullchain.pem

Your private key will be stored at /etc/letsencrypt/live/yourdomain.ext/privkey.pem

You will need to update the certificate location in the nginx server configuration to use them.  If you are using the custom site block from the KB Article – Create a custom site block with Nginx, details on how to do this are in the next step.

3. Add your SSL certificate to your config file.

For this step, I am editing the config in the custom site block configured in the KB Article – Create a custom site block with Nginx.  You will need to edit your Nginx configuration depending on how your server is set up.

cd /sites/wpsitedesign.com.au/etc/

sudo mv http.conf http.conf.disable  # Disables non-SSL config

sudo mv https.conf.disable https.conf  # Enables SSL config

Open the SSL configuration in an editor such as nano

sudo nano https.conf

Ensure that the references for `ssl_certificate` and `ssl_certificate_key` point towards your certificate and key.  If you are using the https.conf file from the previously noted KB Article, there will be two references to each.

If you are using the standard nginx setup then you will need to update the ssl configuration for all of your enabled sites in their own configuration files, rather than those in the custom site block shown.
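One way to check those references before testing the config, as an added example that is not part of the original guide: the function below lists every `ssl_certificate` and `ssl_certificate_key` directive in a config file and flags any that do not point at the LetsEncrypt paths given above. The function names and the sample config are constructed for illustration, and paths are assumed to be unquoted, one directive per line.

```shell
#!/bin/sh
# Added example (not from the original guide): audit the ssl_certificate and
# ssl_certificate_key directives in an nginx config file.

# check_ssl_paths CONF DOMAIN [LIVE_DIR]
# Prints one line per directive found; the return status is the number of
# problems (stale or missing directives), so 0 means every reference is right.
check_ssl_paths() {
    conf=$1; domain=$2; live=${3:-/etc/letsencrypt/live}
    awk -v cert="$live/$domain/fullchain.pem" -v key="$live/$domain/privkey.pem" '
        { sub(/#.*/, "") }                      # ignore commented-out directives
        $1 == "ssl_certificate" || $1 == "ssl_certificate_key" {
            path = $2; sub(/;$/, "", path)      # strip the trailing semicolon
            want = ($1 == "ssl_certificate") ? cert : key
            seen[$1]++
            if (path == want) printf "OK    line %d: %s %s\n", NR, $1, path
            else { printf "STALE line %d: %s %s (expected %s)\n", NR, $1, path, want; bad++ }
        }
        END {
            if (!seen["ssl_certificate"])     { print "MISSING ssl_certificate"; bad++ }
            if (!seen["ssl_certificate_key"]) { print "MISSING ssl_certificate_key"; bad++ }
            exit bad + 0
        }' "$conf"
}

# Constructed sample config: two server blocks, so two references to each
# directive, with the certificate path in the second block left stale.
write_sample_conf() {
    cat > "$1" <<'EOF'
server {
    listen 443 ssl;
    server_name www.yourdomain.ext;
    ssl_certificate     /etc/letsencrypt/live/yourdomain.ext/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/yourdomain.ext/privkey.pem;
    return 301 https://yourdomain.ext$request_uri;
}
server {
    listen 443 ssl;
    server_name yourdomain.ext;
    # ssl_certificate /old/commented/out.pem;
    ssl_certificate     /etc/ssl/certs/ssl-cert-snakeoil.pem;
    ssl_certificate_key /etc/letsencrypt/live/yourdomain.ext/privkey.pem;
}
EOF
}

sample=$(mktemp)
write_sample_conf "$sample"
check_ssl_paths "$sample" yourdomain.ext || echo "$? problem(s) found"
rm -f "$sample"
```

Against a real server, call it as `check_ssl_paths https.conf yourdomain.ext` from the directory holding the config.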

Test your nginx config with sudo nginx -t

If everything comes back okay, it's time to reload nginx.

sudo systemctl reload nginx

CONGRATULATIONS!!

Your SSL certificate is now in use and the config file is forcing the redirect of http traffic to https, and www traffic to non-www (yourdomain.ext instead of www.yourdomain.ext).
