Let's Encrypt: Get Your Free SSL Certificate - Part 2

Learn to secure your site with Let's Encrypt certificates! 🔒

• Introduction 🌟
• Requirements 📓
• Preparing a demo server 🚀
• Obtaining a certificate through Let's Encrypt🚀 🚀
• Summary ✅

Introduction 🌟

Hey everyone, In this blog, I'll show you my second method of getting a free SSL certificate from Let's Encrypt.
I'll also be using Nginx but you're free to use any other software you prefer like Apache for example.
There are multiple methods to achieve this. In my previous blog I showed one way of doing this, and in this blog, I'll show another method (it will take a bit longer since it depends on DNS propagation).
Those are the methods that I prefer and find easy to implement.

Requirements 📓

1. A registered domain name (you can use GoDaddy, AWS Route53, etc.)
2. A web server (you need admin access on that server).

Preparing a demo server 🚀

As we did before, let's start by preparing our web server to serve a hello world html page!
For this demo, I'll be using an AWS EC2 instance with a public IP address and GoDaddy as my domain name registrar.
Steps:

1. Launch an EC2 instance. (make sure you enable the Auto-assign public IP)
2. Log into your webserver using ssh.
3. Run the following commands:
   1. sudo su
   2. yum update -y
   3. yum install nginx
   4. systemctl start nginx

These commands will update your instance, install nginx, and start the server.

You can verify that your server is running by navigating to your instance public ip address (for example http://xx.xx.xx.xx) and you should be able to see the Nginx server default page.

If you're using AWS EC2 like me in this blog, make sure that your assigned security groups and NACLs are not blocking traffic on port 80.

Okay, now we have our web server up and running, let's make our domain name point to our web server.
To do that, simply create an A record with the value of your public IP address.

Once you're able to access your web server through your domain, you're ready to request a certificate from Let's Encrypt.

Obtaining a certificate through Let's Encrypt 🚀 🚀

Now, we're ready to request a certificate:

1. Install certbot-nginx

   • On Amazon Linux: sudo apt install certbot
   • On Ubunutu: sudo yum install certbot -y

2. Obtain your certificate using this command

   certbot certonly --manual --preferred-challenges=dns -d yourdomain.com

3. Follow along the wizard; you will create 1 TXT record per sub-domain in your domain name registrar (GoDaddy).

   For example, if you want to register a subdomain, you will create 2 TXT records:

   1. Your root domain: your-domain.com
   2. Your sub-domain: www.your-domain.com

4. Once you're done, you will have your certificates ready to use and stored in /etc/letsencrypt/live/{your-domain}.

5. Update you nginx server configs to use your new certificate.

   Your new configs should look similar to below:
   
   server {

   listen 80;
   server_name yourdomain.com www.yourdomain.com;
   
   # Redirect HTTP to HTTPS
   return 301 https://$host$request_uri;
   

   }
   
   server {

   listen 443 ssl;
   server_name yourdomain.com www.yourdomain.com;
   
   ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem; # Path to your SSL certificate
   ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem; # Path to your private key
   
   # Optional: SSL settings for better security
   ssl_protocols TLSv1.2 TLSv1.3;
   ssl_ciphers 'HIGH:!aNULL:!MD5';
   
   location / {

   root /var/www/html; # Path to your web root
   index index.html index.htm index.php;

   }
   
   # Additional location blocks can go here

   }

6. Reload your nginx server

   sudo systemctl reload nginx

Summary ✅

Now, you should be able to access your website using HTTPS.
Again, if you're using AWS EC2 with assigned security groups and NACLs, make sure you allow traffic on port 443.
That's it for this blog; hope you find it helpful!