Hey everyone! In this blog, I'll show you how to easily get a free
SSL certificate for your domain. We are going to do this through
Let's Encrypt.
I'll also be using Nginx, but you're free to use any other
software you prefer, such as Apache.
There are multiple methods to achieve this, but I'm going to cover
the 2 methods I prefer in this blog and the one after.
Before we start, let's prepare our web server to serve a
hello world HTML page!
For this demo, I'll be using an AWS EC2 instance with a
public IP address and GoDaddy as my domain name
registrar.
Steps:
ssh
.
sudo su
yum update -y
yum install nginx
systemctl start nginx
These commands will update your instance,
install nginx, and start the server.
You can verify that your server is running by navigating to your
instance's public IP address (for example http://xx.xx.xx.xx), where
you should see the default Nginx page.
If you're using AWS EC2 like me in this blog, make sure that
your assigned security groups and NACLs are not
blocking traffic on port 80.
Okay, now we have our web server up and running, let's make our
domain name point to our web server.
To do that, simply create an A record with the
value of your public IP address.
Once you're able to access your web server through your domain, you're ready to request a certificate from Let's Encrypt.
Now, we're ready to request a certificate:
Open the Nginx config using vim.
sudo vim /etc/nginx/nginx.conf
Then add the below section to your server block:
location /.well-known/acme-challenge/ {
    root /var/www/html; # This directory needs to exist
}
Your config file will look something like this:
server {
    listen 80;
    server_name your-domain.com www.your-domain.com;
    location / {
        root /usr/share/nginx/html; # Adjust as necessary
        index index.html index.htm;
    }
    # This will allow Certbot to validate your domain
    location /.well-known/acme-challenge/ {
        root /var/www/html;
    }
}
Reload the Nginx service:
sudo systemctl reload nginx
Install Certbot and its Nginx plugin:
# On yum-based systems
sudo yum install certbot-nginx -y
# On apt-based systems
sudo apt install certbot python3-certbot-nginx -y
Obtain your certificate using this command:
sudo certbot --nginx -d your-domain.com -d www.your-domain.com
Agree to the terms and conditions and once you're done, you will
have your certificates ready to use and stored in
/etc/letsencrypt/live/{your-domain}.
Update your Nginx server config to use your new certificate:
server {
    listen 80;
    server_name yourdomain.com www.yourdomain.com;
    # Redirect HTTP to HTTPS
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl;
    server_name yourdomain.com www.yourdomain.com;
    ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem; # Path to your SSL certificate
    ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem; # Path to your private key
    # Optional: SSL settings for better security
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers 'HIGH:!aNULL:!MD5';
    location / {
        root /var/www/html; # Path to your web root
        index index.html index.htm index.php;
    }
    # Additional location blocks can go here
}
Reload your nginx server
sudo systemctl reload nginx
Now, you should be able to access your website using HTTPS.
Again, if you're using AWS EC2 with assigned
security groups and NACLs, make sure you allow traffic
on port 443.
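A small lint for the HTTPS server block shown above, added here as an example (it is not part of the original post or of Certbot). It flags the usual slips: `cert.pem` (leaf only) in place of `fullchain.pem`, a certificate and key taken from different `live/` directories, and protocols older than TLSv1.2. The names `server_blocks` and `lint` and the sample config are assumptions made for illustration.

```python
import re

# Constructed sample: the HTTPS server block from this post with three
# deliberate mistakes (cert.pem, mismatched live/ directory, TLSv1.1).
BAD_CONF = """
server {
    listen 443 ssl;
    server_name yourdomain.com www.yourdomain.com;
    ssl_certificate /etc/letsencrypt/live/yourdomain.com/cert.pem; # leaf only
    ssl_certificate_key /etc/letsencrypt/live/your-domain.com/privkey.pem;
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
}
"""

def server_blocks(conf):
    """Yield {directive: [args]} for the direct children of each server block."""
    depth, base, block, stmt = 0, 0, None, []
    for tok in re.findall(r"[{};]|[^\s{};]+", re.sub(r"#[^\n]*", "", conf)):
        if tok not in ("{", "}", ";"):
            stmt.append(tok.strip("'\""))
            continue
        if tok == "{":
            depth += 1
            if block is None and stmt == ["server"]:
                block, base = {}, depth      # entering a server block
        elif tok == "}":
            depth -= 1
            if block is not None and depth < base:
                yield block                  # server block closed
                block = None
        elif block is not None and depth == base and stmt:
            block.setdefault(stmt[0], []).extend(stmt[1:])
        stmt = []

def lint(conf):
    """Return problems found in the TLS-enabled server blocks of conf."""
    problems = []
    tls = [s for s in server_blocks(conf) if "ssl" in s.get("listen", [])]
    for srv in tls:
        cdir, _, cfile = "".join(srv.get("ssl_certificate", [])).rpartition("/")
        kdir, _, kfile = "".join(srv.get("ssl_certificate_key", [])).rpartition("/")
        if (cfile, kfile) != ("fullchain.pem", "privkey.pem"):
            problems.append("expected fullchain.pem and privkey.pem")
        if cdir != kdir:
            problems.append("certificate and key come from different directories")
        old = sorted(set(srv.get("ssl_protocols", [])) - {"TLSv1.2", "TLSv1.3"})
        if old:
            problems.append("legacy protocols enabled: " + " ".join(old))
    return problems
```

Call `lint()` on the text of your own config file; an empty list means none of these three problems was found.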
That's it for this blog; hope you find it helpful!