Let's Encrypt: Get Your Free SSL Certificate - Part 2
Learn to secure your site with Let's Encrypt certificates!
Introduction
Hey everyone! In this blog, I'll show you my second method of getting a free SSL certificate from Let's Encrypt. I'll be using Nginx again, but you're free to use any other software you prefer, such as Apache.
There are multiple methods to achieve this. In my previous blog I showed one way of doing it, and in this blog I'll show another method (it will take a bit longer since it depends on DNS propagation).
These are the methods that I prefer and find easy to implement.
Requirements
- A registered domain name (you can use GoDaddy, AWS Route53, etc.)
- A web server (you need admin access on that server).
Preparing a demo server
As we did before, let's start by preparing our web server to serve a hello world html page!
For this demo, I'll be using an AWS EC2 instance with a public IP address and GoDaddy as my domain name registrar.
Steps:
- Launch an EC2 instance (make sure you enable Auto-assign public IP).
- Log into your web server using ssh.
- Run the following commands:
  - sudo su
  - yum update -y
  - yum install nginx
  - systemctl start nginx
These commands will update your instance, install nginx, and start the server.
You can verify that your server is running by navigating to your instance's public IP address (for example http://xx.xx.xx.xx); you should see the Nginx server default page.
If you're using AWS EC2 like me in this blog, make sure that your assigned security groups and NACLs are not blocking traffic on port 80.
Okay, now that we have our web server up and running, let's make our domain name point to our web server.
To do that, simply create an A record with the value of your public IP address.
Once you're able to access your web server through your domain, you're ready to request a certificate from Let's Encrypt.
Obtaining a certificate through Let's Encrypt
Now, we're ready to request a certificate:
- Install certbot-nginx
  - On Amazon Linux:
    sudo yum install certbot -y
  - On Ubuntu:
    sudo apt install certbot
- Obtain your certificate using this command:
  certbot certonly --manual --preferred-challenges=dns -d yourdomain.com
- Follow along with the wizard; you will create 1 TXT record per sub-domain in your domain name registrar (GoDaddy). For example, if you want to register a subdomain, you will create 2 TXT records:
  - Your root domain: your-domain.com
  - Your sub-domain: www.your-domain.com
- Once you're done, you will have your certificates ready to use and stored in /etc/letsencrypt/live/{your-domain}.
- Update your nginx server configs to use your new certificate. Your new configs should look similar to below:

  server {
      listen 80;
      server_name yourdomain.com www.yourdomain.com;

      # Redirect HTTP to HTTPS
      return 301 https://$host$request_uri;
  }

  server {
      listen 443 ssl;
      server_name yourdomain.com www.yourdomain.com;

      ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem; # Path to your SSL certificate
      ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem; # Path to your private key

      # Optional: SSL settings for better security
      ssl_protocols TLSv1.2 TLSv1.3;
      ssl_ciphers 'HIGH:!aNULL:!MD5';

      location / {
          root /var/www/html; # Path to your web root
          index index.html index.htm index.php;
      }

      # Additional location blocks can go here
  }

- Reload your nginx server:
  sudo systemctl reload nginx
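Since this method depends on DNS propagation, it helps to confirm the TXT record is live before letting the certbot wizard continue. The script below is an added example, not part of the original blog: it assumes `dig` is installed and that the record lives at the `_acme-challenge` name certbot prints in the wizard; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original blog): check that the TXT record
# requested by certbot is served by every authoritative nameserver.
# Assumption: `dig` is installed (bind-utils / dnsutils package).

# txt_has_value EXPECTED
# Reads `dig +short TXT` output on stdin (one quoted string per line) and
# succeeds only if some record equals EXPECTED exactly.
txt_has_value() {
    expected=$1
    while IFS= read -r line; do
        value=${line#\"}      # strip the quotes dig puts around TXT data
        value=${value%\"}
        [ "$value" = "$expected" ] && return 0
    done
    return 1
}

# check_propagation ZONE HOSTNAME EXPECTED
# Asks each nameserver of ZONE directly, so a cached answer from a
# recursive resolver cannot hide a server that has not updated yet.
check_propagation() {
    zone=$1 host=$2 expected=$3
    servers=$(dig +short NS "$zone")
    if [ -z "$servers" ]; then
        echo "no NS records found for $zone" >&2
        return 2
    fi
    missing=0
    for ns in $servers; do
        if dig +short TXT "_acme-challenge.$host" "@$ns" | txt_has_value "$expected"; then
            echo "ok       $ns"
        else
            echo "MISSING  $ns"
            missing=1
        fi
    done
    return "$missing"
}

# Usage: sh check-txt.sh yourdomain.com www.yourdomain.com '<value from certbot>'
if [ "$#" -eq 3 ]; then
    check_propagation "$1" "$2" "$3"
fi
```

Run it once per TXT record you created, and press Enter in the wizard only when every nameserver reports ok.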
Summary
Now, you should be able to access your website using HTTPS.
Again, if you're using AWS EC2 with assigned
security groups and NACLs, make sure you allow
traffic on port 443.
That's it for this blog; hope you find it helpful!