TLS Certificate


Getting free SSL Certificates:

Here are the steps to set up an SSL certificate with Let’s Encrypt on Nginx, along with a complete example configuration file:

Install Certbot:

Certbot is a tool provided by Let’s Encrypt that automates the process of obtaining and renewing SSL certificates. You can install Certbot on your server using the following commands:

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install certbot python3-certbot-nginx

These commands will add the Certbot repository to your system and install the necessary packages.

Obtain an SSL certificate:

Once Certbot is installed, you can use it to obtain an SSL certificate from Let’s Encrypt. Run the following command to obtain a certificate for your domain:

$ sudo certbot --nginx

Certbot will guide you through the process of obtaining the certificate. It will ask you to provide an email address for important account-related notifications and agree to the terms of service. You will also be asked to enter the domain name for which you want to obtain the certificate.

For example, if your domain is “example.com”, enter “example.com” when prompted. Certbot will automatically configure Nginx to use the new certificate and enable HTTPS on your domain.

Configure auto-renewal (optional):

Let’s Encrypt certificates are valid for 90 days. To ensure that your certificate stays valid, you can configure Certbot to automatically renew the certificate before it expires. You can enable auto-renewal by adding a cron job to your system.

Open the crontab file:

$ sudo crontab -e

Add the following line to schedule Certbot to renew the certificate every week:

0 0 * * 1 /usr/bin/certbot renew --quiet

This line schedules Certbot to run the renewal command every Monday at midnight. The --quiet option suppresses non-error output.
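
Because --quiet hides normal output, a renewal that has stopped working is easy to miss. The following added example (not part of the original tutorial) reads a certificate's expiry date and flags it once fewer than 30 days remain, the point at which Certbot renews by default. It assumes GNU date and the openssl CLI; the function names and the sample date are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): report whether a certificate
# is still inside its safe window, overdue for renewal, or expired.
# Assumptions: GNU date (for -d), the openssl CLI, and Certbot's default of
# renewing once fewer than 30 days of validity remain.

RENEW_WINDOW_DAYS=30

# classify <seconds_left> -> prints OK, RENEWAL_OVERDUE or EXPIRED
classify() {
    if [ "$1" -le 0 ]; then
        echo EXPIRED
    elif [ "$1" -lt $((RENEW_WINDOW_DAYS * 86400)) ]; then
        echo RENEWAL_OVERDUE   # the weekly cron job should already have renewed
    else
        echo OK
    fi
}

# status_from_enddate "<notAfter=... line>" <now_epoch>
# Takes the line printed by `openssl x509 -enddate` so it can be tested offline.
status_from_enddate() {
    end_epoch=$(date -u -d "${1#notAfter=}" +%s 2>/dev/null) \
        || { echo UNPARSEABLE; return 0; }
    classify $((end_epoch - $2))
}

# cert_status <path to PEM file>; openssl reads the first (leaf) certificate
cert_status() {
    line=$(openssl x509 -enddate -noout -in "$1" 2>/dev/null) \
        || { echo UNREADABLE; return 0; }
    status_from_enddate "$line" "$(date -u +%s)"
}

# Constructed sample: 20 days of validity left, so renewal is overdue.
SAMPLE_ENDDATE='notAfter=Jun  1 12:00:00 2025 GMT'
SAMPLE_NOW=$(date -u -d '2025-05-12 12:00:00 UTC' +%s)

if [ "$#" -ge 1 ]; then
    cert_status "$1"          # e.g. /etc/letsencrypt/live/example.com/fullchain.pem
else
    status_from_enddate "$SAMPLE_ENDDATE" "$SAMPLE_NOW"
fi
```

Run it with sudo when pointing it at a file under /etc/letsencrypt/live, since that directory is readable only by root.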

Configure the Nginx server block:

Certbot should automatically create a new Nginx server block for your domain during the certificate installation process. However, you can also manually configure the server block if needed.

Here is an example Nginx server block configuration for your domain:

events {}

http {
    include mime.types;

    # Redirect all plain-HTTP requests to HTTPS
    server {
        if ($host = www.example.com) {
            return 301 https://$host$request_uri;
        } # managed by Certbot

        if ($host = example.com) {
            return 301 https://$host$request_uri;
        } # managed by Certbot

        listen 80;
        listen [::]:80;
        server_name example.com www.example.com;
        return 301 https://$host$request_uri;
    }

    # HTTPS site served with the Let's Encrypt certificate
    server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name example.com www.example.com;
        ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot

        root /var/www/comming-soon;
        index index.html;

        location / {
            try_files $uri $uri/ =404;
        }
    }
}