Let's Encrypt: Get Your Free SSL Certificate - Part 1
Learn to secure your site with Let's Encrypt certificates! π
Introduction π
Hey everyone, In this blog, I'll show you how to easily get a free
SSL certificate for your domain. We are going to do this through
Let's Encrypt.
I'll also be using Nginx but you're free to use any other
software you prefer like Apache for example.
There are multiple methods to achieve this, but I'm going to cover
the 2 methods I prefer in this blog and the one after .
Requirements π
- A registered domain name (you can use GoDaddy, AWS Route53, etc.)
- A web server (you need admin access on that server).
Preparing a demo server π
Before we start, let's prepare our web server to serve a
hello world
html
page!
For this demo, I'll be using an AWS EC2 instance with a
public IP address and GoDaddy as my domain name
registrar.
Steps:
- Launch an EC2 instance. (make sure you enable the Auto-assign public IP)
-
Log into your webserver using
ssh
. -
Run the following commands:
-
sudo su
-
yum update -y
-
yum install nginx
-
systemctl start nginx
-
These commands will update your instance,
install nginx, and start the server.
You can verify that your server is running by navigating to your
instance public ip address (for example http://xx.xx.xx.xx) and
you should be able to see the Nginx server default page.
If you're using AWS EC2 like me in this blog, make sure
that your assigned security groups and NACLs are not
blocking traffic on port 80.
Okay, now we have our web server up and running, let's make our
domain name point to our web server.
To do that, simply create an
A
record with
the value of your public IP address.
Once you're able to access your web server through your domain, you're ready to request a certificate from Let's Encrypt.
Obtaining a certificate through Let's Encrypt π π
Now, we're ready to request a certificate:
-
Open the Nginx configs using
vim
.sudo vim /etc/nginx/nginx.conf
-
Then add the below section to your server block:
location /.well-known/acme-challenge/ {
root /var/www/html; # This directory needs to exist}
Your configs file will look something like this
server {
listen 80;}
server_name your-domain.com www.your-domain.com;
location / {
root /usr/share/nginx/html; # Adjust as necessary index index.html index.htm;}
# This will allow Certbot to validate your domain
location /.well-known/acme-challenge/ {
root /var/www/html;} -
reload nginx service
sudo systemctl reload nginx
-
Install certbot-nginx
-
On Amazon Linux:
sudo yum install certbot-nginx -y
-
On Ubunutu:
sudo apt install certbot python3-certbot-nginx -y
-
On Amazon Linux:
-
Obtain your certificate using this command
sudo certbot --nginx -d your-domain.com -d www.your-domain.com
-
Agree on the terms and conditions and once you're done, you will have your certificates ready to use and stored in
/etc/letsencrypt/live/{your-domain}
. -
Update you nginx server configs to use your new certificate.
Your new configs should look similar to below:
server {
listen 80;}
server_name yourdomain.com www.yourdomain.com;
# Redirect HTTP to HTTPS
return 301 https://$host$request_uri;
server {listen 443 ssl;}
server_name yourdomain.com www.yourdomain.com;
ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem; # Path to your SSL certificate
ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem; # Path to your private key
# Optional: SSL settings for better security
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'HIGH:!aNULL:!MD5';
location / {root /var/www/html; # Path to your web root}
index index.html index.htm index.php;
# Additional location blocks can go here -
Reload your nginx server
sudo systemctl reload nginx
Summary β
Now, you should be able to access your website using HTTPS.
Again, if you're using AWS EC2 with assigned
security groups and NACLs, make sure you allow
traffic on port 443.
That's it for this blog; hope you find it helpful!