Tutorials
Free SSL Certificate for NGINX on UBUNTU 16.04

Get free SSL certificate by enabling encrypted HTTPS on web servers. In this tutorial, you will use Certbot to get a free SSL certificate for Nginx on Ubuntu 16.04 and set your certificate to renew automatically.

All I script is the command you will use on the ubuntu connection terminal.

Step 1 - Installing Certbot:

sudo add-apt-repository ppa: certbot / certbot

You will need to press ENTER to accept. Then update the package list to get the package information from the new repository:

sudo apt-get update

And finally, install the Certbot Nginx package:

sudo apt-get install python-certbot-nginx

Certbot is now ready for use, but in order for it to configure SSL for Nginx, we need to check some of the Nginx settings.

Step 2 - Configuring Nginx:

Certbot can automatically configure SSL for Nginx, but it needs to be able to find the correct server block in your configuration. It does this by looking for a server_name directive that matches the domain for which you are requesting a certificate.

If you are starting with a new installation of Nginx, you can update the default configuration file. Open it with your favorite text editor at / etc / nginx / sites-available / default and find the existing servername line and replace the underscore with your domain name.

Save the file and exit its editor. Reload Nginx to load the new configuration.

sudo systemctl reload nginx

Certbot can now find the correct server block and update it. We will then update our firewall to allow HTTPS traffic.

Step 3 - Enabling HTTPS Through the Firewall:

To additionally allow HTTPS traffic, we can allow the Nginx Full profile and then exclude the redundant Nginx HTTP profile tolerance:

sudo ufw allow 'Nginx Full'
sudo ufw delete allow 'Nginx HTTP'

To check your status use:

sudo ufw status

Your status should look like this now:

Output
Status: active

To Action From


OpenSSH ALLOW Anywhere
Nginx Full ALLOW Anywhere
OpenSSH (v6) ALLOW Anywhere (v6)
Nginx Full (v6) ALLOW Anywhere (v6)
We are now ready to run Certbot and fetch our certificates.

Report post
Posted March 24, 2018 (edited)
Hello everyone, today I will teach you how to make your website more secure by getting a free SSL certificate by enabling encrypted HTTPS on web servers. In this tutorial, you will use Certbot to get a free SSL certificate for Nginx on Ubuntu 16.04 and set your certificate to renew automatically.

All I script is the command you will use on the ubuntu connection terminal.

Step 1 - Installing Certbot:

sudo add-apt-repository ppa: certbot / certbot
You will need to press ENTER to accept. Then update the package list to get the package information from the new repository:

sudo apt-get update
And finally, install the Certbot Nginx package:

sudo apt-get install python-certbot-nginx
Certbot is now ready for use, but in order for it to configure SSL for Nginx, we need to check some of the Nginx settings.

Step 2 - Configuring Nginx:

Certbot can automatically configure SSL for Nginx, but it needs to be able to find the correct server block in your configuration. It does this by looking for a servername directive that matches the domain for which you are requesting a certificate. If you are starting with a new installation of Nginx, you can update the default configuration file. Open it with your favorite text editor at / etc / nginx / sites-available / default and find the existing server_name line and replace the underscore with your domain name. Save the file and exit its editor. Reload Nginx to load the new configuration. 

sudo systemctl reload nginx
Certbot can now find the correct server block and update it. We will then update our firewall to allow HTTPS traffic.

Step 3 - Enabling HTTPS Through the Firewall:

To additionally allow HTTPS traffic, we can allow the Nginx Full profile and then exclude the redundant Nginx HTTP profile tolerance:

sudo ufw allow 'Nginx Full'
sudo ufw delete allow 'Nginx HTTP'

To check your status use:

sudo ufw status

Your status should look like this now:

Output
Status: active

To Action From


OpenSSH ALLOW Anywhere
Nginx Full ALLOW Anywhere
OpenSSH (v6) ALLOW Anywhere (v6)
Nginx Full (v6) ALLOW Anywhere (v6)
We are now ready to run Certbot and fetch our certificates.

Step 4 - Obtain an SSL Certificate

Certbot provides a variety of ways to obtain SSL certificates through various plugins. The Nginx plugin will take care of reconfiguring Nginx and reloading the configuration as needed:

sudo certbot --nginx -d example.com -d www.example.com

Where is example in the above command change to your domain.

If this is your first time running certbot, you will be prompted to enter an email address and agree to the terms of service. After that, certbot will communicate with the Let's Encrypt server and perform a challenge to verify that you control the domain for which you are requesting a certificate. If this succeeds, certbot will ask how you would like to configure your HTTPS settings.

 Output 
 Please choose whether or not to redirect HTTP traffic to HTTPS by removing HTTP access.
 -------------------------------------------------- -----------------------------
 1: No Redirection - No more changes to the web server configuration.
 2: Redirect - Redirect all requests to secure HTTPS access. Choose this for
 new sites, or if you're sure your site works over HTTPS. You can undo it
 change by editing the configuration of your web server.
 -------------------------------------------------- -----------------------------
 Select the appropriate number [1-2] and then [enter] (press 'c' to cancel):

Select your choice and press ENTER. The setting will be updated and Nginx will be reloaded to get the new settings. certbot will end with a message stating that the process was successful and where your certificates are stored:

Output 
 IMPORTANT NOTES:
 Congratulations! Your certificate and chain have been saved to
    /etc/letsencrypt/live/example.com/fullchain.pem. Your certificate
    expire on 2017-10-23. To obtain a new or adjusted version of this
    certified in the future, simply run certbot again with the
    "certonly" option. Non-interactively renew * all * your
    certificates, perform "certbot renew"
  - Your account credentials have been saved to your Certbot
    configuration directory in / etc / letsencrypt. You should do a
    Secure backup of this folder now. This configuration directory
    also contains certificates and private keys obtained by Certbot as well
    Making regular backups of this folder is ideal.
  - If you like Certbot, consider supporting our work:

    Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
    Donating to EFF: https://eff.org/donate-le

Your certificates are downloaded, installed, and loaded automatically. Try reloading your site using https: // and watch your browser's security indicator. It should indicate that the site is protected properly, usually with a green lock icon. Let's finish by testing the renewal process.

Step 5 - Verifying Certbot Automatic Renewal

Certificates are only valid for ninety days . This is to encourage users to automate their certificate renewal process. The certbot package we installed takes care of this for us. To test the renewal process, you can do a dry run with certbot:

sudo certbot renew --dry-run

If you don't see any errors, it's all set. When necessary, Certbot will renew your certificates and reload Nginx for changes. If the automated renewal process fails, the software will send a message to the email you specified notifying you when your certificate is about to expire.

https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04

Get free SSL certificate by enabling encrypted HTTPS on web servers. In this tutorial, you will use Certbot to get a free SSL certificate for Nginx on Ubuntu 16.04 and set your certificate to renew automatically. -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- _All I script is the command you will use on the ubuntu connection terminal._ ### Step 1 - Installing Certbot: ```` sudo add-apt-repository ppa: certbot / certbot ```` You will need to press ENTER to accept. Then update the package list to get the package information from the new repository: ```` sudo apt-get update ```` And finally, install the Certbot Nginx package: ```` sudo apt-get install python-certbot-nginx ```` Certbot is now ready for use, but in order for it to configure SSL for Nginx, we need to check some of the Nginx settings. ### Step 2 - Configuring Nginx: Certbot can automatically configure SSL for Nginx, but it needs to be able to find the correct server block in your configuration. It does this by looking for a server_name directive that matches the domain for which you are requesting a certificate. If you are starting with a new installation of Nginx, you can update the default configuration file. Open it with your favorite text editor at / etc / nginx / sites-available / default and find the existing server_name line and replace the underscore _ with your domain name. Save the file and exit its editor. Reload Nginx to load the new configuration. ```` sudo systemctl reload nginx ```` Certbot can now find the correct server block and update it. We will then update our firewall to allow HTTPS traffic. ### Step 3 - Enabling HTTPS Through the Firewall: To additionally allow HTTPS traffic, we can allow the Nginx Full profile and then exclude the redundant Nginx HTTP profile tolerance: ```` sudo ufw allow 'Nginx Full' sudo ufw delete allow 'Nginx HTTP' ```` To check your status use: ```` sudo ufw status ```` Your status should look like this now: Output Status: active To Action From - ------ ---- OpenSSH ALLOW Anywhere Nginx Full ALLOW Anywhere OpenSSH (v6) ALLOW Anywhere (v6) Nginx Full (v6) ALLOW Anywhere (v6) We are now ready to run Certbot and fetch our certificates. Report post Posted March 24, 2018 (edited) Hello everyone, today I will teach you how to make your website more secure by getting a free SSL certificate by enabling encrypted HTTPS on web servers. In this tutorial, you will use Certbot to get a free SSL certificate for Nginx on Ubuntu 16.04 and set your certificate to renew automatically. All I script is the command you will use on the ubuntu connection terminal. Step 1 - Installing Certbot: sudo add-apt-repository ppa: certbot / certbot You will need to press ENTER to accept. Then update the package list to get the package information from the new repository: sudo apt-get update And finally, install the Certbot Nginx package: sudo apt-get install python-certbot-nginx Certbot is now ready for use, but in order for it to configure SSL for Nginx, we need to check some of the Nginx settings. Step 2 - Configuring Nginx: Certbot can automatically configure SSL for Nginx, but it needs to be able to find the correct server block in your configuration. It does this by looking for a server_name directive that matches the domain for which you are requesting a certificate. If you are starting with a new installation of Nginx, you can update the default configuration file. Open it with your favorite text editor at / etc / nginx / sites-available / default and find the existing server_name line and replace the underscore _ with your domain name. Save the file and exit its editor. Reload Nginx to load the new configuration.  sudo systemctl reload nginx Certbot can now find the correct server block and update it. We will then update our firewall to allow HTTPS traffic. ### Step 3 - Enabling HTTPS Through the Firewall: To additionally allow HTTPS traffic, we can allow the Nginx Full profile and then exclude the redundant Nginx HTTP profile tolerance: ```` sudo ufw allow 'Nginx Full' sudo ufw delete allow 'Nginx HTTP' ```` To check your status use: ```` sudo ufw status ```` Your status should look like this now: Output Status: active To Action From - ------ ---- OpenSSH ALLOW Anywhere Nginx Full ALLOW Anywhere OpenSSH (v6) ALLOW Anywhere (v6) Nginx Full (v6) ALLOW Anywhere (v6) We are now ready to run Certbot and fetch our certificates. ### Step 4 - Obtain an SSL Certificate Certbot provides a variety of ways to obtain SSL certificates through various plugins. The Nginx plugin will take care of reconfiguring Nginx and reloading the configuration as needed: ```` sudo certbot --nginx -d example.com -d www.example.com ```` Where is example in the above command change to your domain. If this is your first time running certbot, you will be prompted to enter an email address and agree to the terms of service. After that, certbot will communicate with the Let's Encrypt server and perform a challenge to verify that you control the domain for which you are requesting a certificate. If this succeeds, certbot will ask how you would like to configure your HTTPS settings. ```` Output Please choose whether or not to redirect HTTP traffic to HTTPS by removing HTTP access. -------------------------------------------------- ----------------------------- 1: No Redirection - No more changes to the web server configuration. 2: Redirect - Redirect all requests to secure HTTPS access. Choose this for new sites, or if you're sure your site works over HTTPS. You can undo it change by editing the configuration of your web server. -------------------------------------------------- ----------------------------- Select the appropriate number [1-2] and then [enter] (press 'c' to cancel): ```` Select your choice and press ENTER. The setting will be updated and Nginx will be reloaded to get the new settings. certbot will end with a message stating that the process was successful and where your certificates are stored: ```` Output IMPORTANT NOTES: Congratulations! Your certificate and chain have been saved to /etc/letsencrypt/live/example.com/fullchain.pem. Your certificate expire on 2017-10-23. To obtain a new or adjusted version of this certified in the future, simply run certbot again with the "certonly" option. Non-interactively renew * all * your certificates, perform "certbot renew" - Your account credentials have been saved to your Certbot configuration directory in / etc / letsencrypt. You should do a Secure backup of this folder now. This configuration directory also contains certificates and private keys obtained by Certbot as well Making regular backups of this folder is ideal. - If you like Certbot, consider supporting our work: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le ```` Your certificates are downloaded, installed, and loaded automatically. Try reloading your site using https: // and watch your browser's security indicator. It should indicate that the site is protected properly, usually with a green lock icon. Let's finish by testing the renewal process. ### Step 5 - Verifying Certbot Automatic Renewal Certificates are only valid for ninety days . This is to encourage users to automate their certificate renewal process. The certbot package we installed takes care of this for us. To test the renewal process, you can do a dry run with certbot: ```` sudo certbot renew --dry-run ```` If you don't see any errors, it's all set. When necessary, Certbot will renew your certificates and reload Nginx for changes. If the automated renewal process fails, the software will send a message to the email you specified notifying you when your certificate is about to expire. https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04
27
0
1
live preview
enter atleast 20 characters
WARNING: You mentioned %MENTIONS%, but they cannot see this message and will not be notified
Saving...
Saved
With selected deselect posts show selected posts
All posts under this topic will be deleted ?
Pending draft ... Click to resume editing
Discard draft