
The Let's Encrypt Client: Apt-Get Update Sudo Apt-Get Install Certbot Apt-Get Install Python-Certbot-Nginx

This document provides instructions for setting up free SSL/TLS certificates from Let's Encrypt for use with NGINX. It describes how to install the Let's Encrypt client certbot, configure NGINX to use the certificates, obtain and install the certificates, and set up automatic renewal of the certificates. By following these steps, a secure website with HTTPS can be quickly established using free Let's Encrypt certificates with NGINX.

Uploaded by bao bao

https://www.nginx.com/blog/using-free-ssltls-certificates-from-lets-encrypt-with-nginx/

1. Download the Let’s Encrypt Client


First, download the Let’s Encrypt client, certbot.
As mentioned just above, we tested the instructions on Ubuntu 16.04, and these are the
appropriate commands on that platform:

$ sudo apt-get update
$ sudo apt-get install certbot
$ sudo apt-get install python-certbot-nginx

With Ubuntu 18.04 and later, substitute the Python 3 version:

$ sudo apt-get update
$ sudo apt-get install certbot
$ sudo apt-get install python3-certbot-nginx

2. Set Up NGINX

certbot can automatically configure NGINX for SSL/TLS. It looks for and modifies
the server block in your NGINX configuration that contains a server_name directive with the
domain name you’re requesting a certificate for. In our example, the domain
is www.example.com.

1. Assuming you’re starting with a fresh NGINX install, use a text editor to create a file
in the /etc/nginx/conf.d directory named domain-name.conf (so in our
example, www.example.com.conf).
2. Specify your domain name (and variants, if any) with the server_name directive:

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    root /var/www/html;
    server_name example.com www.example.com;
}

3. Save the file, then run this command to verify the syntax of your configuration and
restart NGINX:

$ nginx -t && nginx -s reload


3. Obtain the SSL/TLS Certificate
The NGINX plug-in for certbot takes care of reconfiguring NGINX and reloading its
configuration whenever necessary.
1. Run the following command to generate certificates with the NGINX plug-in:

$ sudo certbot --nginx -d example.com -d www.example.com


2. Respond to prompts from certbot to configure your HTTPS settings, which involves
entering your email address and agreeing to the Let’s Encrypt terms of service.

When certificate generation completes, NGINX reloads with the new
settings. certbot generates a message indicating that certificate generation was
successful and specifying the location of the certificate on your server.

Congratulations! You have successfully enabled https://example.com and https://www.example.com

-------------------------------------------------------------------------------------
IMPORTANT NOTES:

Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/example.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/example.com//privkey.pem
Your cert will expire on 2017-12-12.

Note: Let’s Encrypt certificates expire after 90 days (on 2017-12-12 in the example).
For information about automatically renewing certificates, see Automatic Renewal of
Let’s Encrypt Certificates below.

If you look at domain-name.conf, you see that certbot has modified it:

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    root /var/www/html;
    server_name example.com www.example.com;

    listen 443 ssl; # managed by Certbot

    # RSA certificate
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot

    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot

    # Redirect non-https traffic to https
    if ($scheme != "https") {
        return 301 https://$host$request_uri;
    } # managed by Certbot
}

4. Automatically Renew Let’s Encrypt Certificates

Let’s Encrypt certificates expire after 90 days. We encourage you to renew your certificates
automatically. Here we add a cron job to an existing crontab file to do this.

1. Open the crontab file.

$ crontab -e

2. Add the certbot command to run daily. In this example, we run the command every
day at noon. The command checks to see if the certificate on the server will expire
within the next 30 days, and renews it if so. The --quiet directive tells certbot not to
generate output.

0 12 * * * /usr/bin/certbot renew --quiet

3. Save and close the file. All installed certificates will be automatically renewed and
reloaded.
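
The cron job runs unattended, so a renewal that keeps failing can go unnoticed until the certificate expires. The script below is an added example, not part of the original instructions: it reads the ssl_certificate paths from the certbot-modified config and flags any certificate that is close to expiry. The function names, the script name check-cert-expiry.sh and the 21-day default threshold are assumptions made for this example, and openssl must be installed.

```shell
#!/bin/sh
# Added example: flag certificates referenced by an NGINX config that are close
# to expiry, which means the daily "certbot renew" cron job has been failing.
# Assumptions: openssl is installed; certificate paths contain no whitespace.

# Print the path given to each ssl_certificate directive in config file $1,
# stripping the ";" and any trailing "# managed by Certbot" comment.
cert_paths() {
    awk '$1 == "ssl_certificate" { sub(/;.*/, "", $2); print $2 }' "$1"
}

# Succeed (exit 0) if certificate $1 expires within $2 days or cannot be read.
expires_within() {
    secs=$(( $2 * 86400 ))
    # "openssl x509 -checkend N" exits 0 only if the cert is still valid in N seconds.
    if openssl x509 -checkend "$secs" -noout -in "$1" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# Check every certificate in config $1 against a threshold of $2 days.
# The default of 21 is an assumed value: certbot renews at 30 days remaining,
# so fewer than 21 means more than a week of failed renewal attempts.
check_conf() {
    conf=$1
    days=${2:-21}
    rc=0
    for cert in $(cert_paths "$conf"); do
        if expires_within "$cert" "$days"; then
            echo "RENEWAL OVERDUE: $cert (under $days days left, or unreadable)"
            rc=1
        fi
    done
    return "$rc"
}

# Run as: sh check-cert-expiry.sh /etc/nginx/conf.d/www.example.com.conf [days]
if [ "$#" -ge 1 ]; then
    check_conf "$@"
fi
```

Scheduled from a second cron entry, a non-zero exit status or any output from this script is the signal to investigate the renewal job.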

Summary

We’ve installed the Let’s Encrypt agent to generate SSL/TLS certificates for a
registered domain name. We’ve configured NGINX to use the certificates and set up
automatic certificate renewals. With Let’s Encrypt certificates for NGINX and
NGINX Plus, you can have a simple, secure website up and running within minutes.

To try out Let’s Encrypt with NGINX Plus yourself, start your free 30-day trial today
or contact us to discuss your use cases.
