Louretta

Configuring a Secure Nginx Server Using Let's Encrypt with Certbot

Let's Encrypt is a free service that provides SSL/TLS certificates, which are used to secure websites by enabling HTTPS. This means that the data sent between your web browser and the website is encrypted, making it private and secure. The process of getting and renewing these certificates is automated and straightforward, often done using a tool called Certbot.

*Prerequisites*
Registered domain
Ubuntu server

1. Update Package List

  • SSH into your Ubuntu instance

  • Update the package list to ensure you have the latest information about available packages

  • Install Nginx using the package manager

  • Run the commands below to start the Nginx service and check its status

[Image: expected output]
[Image: sample Nginx web page without a domain name]

2. Configure Firewall

  • Allow HTTP and HTTPS traffic through the firewall

3. Create a hosted zone in Route 53 (if not created already)
-Open the Amazon Route 53 console (see image below)

-Enter your domain name

  • Once the hosted zone is created, get the name server information (note the four name servers provided by Route 53; see image below)

  • Update the name servers on your domain registrar's website (for this project I used GoDaddy). Find the DNS settings or name server settings for your domain and replace the existing name servers with the four name servers provided by Route 53

-Add DNS records in Route 53
In Route 53, click the "Create record" button (see image below). Make sure to replace the values with your domain and IP address

4. Configure Nginx for Your Domain
Create a new configuration file for your domain in Nginx

  • Add the following content below, replacing the placeholder with your domain name
  • Create a symbolic link to enable your configuration

  • Use the command below to test the configuration and ensure there are no syntax errors

  • Create a document root. This ensures the web server knows exactly where to find the files requested by users, providing a consistent and reliable way to serve web content. See the command below

  • Change ownership of the directory and its contents. This ensures that the user has full control over the files and directories and that the web server can serve content correctly

  • Run this command to create an index.html file to test your configuration

  • Run this command to enable your configuration (be sure to replace with your own domain name)

  • Run the command below to test the configuration and reload Nginx
    -Open a browser to verify the setup using your domain (http://your_domain). You should be able to see whether your website is configured correctly.
    The image below shows the "Not secure" warning the browser displayed when we accessed the website over HTTP, meaning that any data exchanged between the user's browser and the server can be intercepted and read by third parties.

5. Secure Your Website with HTTPS
We will be using Let's Encrypt for this tutorial

-Before using Snap to install Certbot, check whether Certbot is already installed with apt and remove it if it is. This ensures that the Snap version of Certbot will be used instead of the one from your operating system's package manager

  • Run this command to install Certbot

  • Run the command sudo ln -s /snap/bin/certbot /usr/bin/certbot to make sure you can execute the Certbot command. This links the path to the Certbot binary file.

  • Run the command sudo certbot --nginx to obtain a certificate and automatically configure Nginx with Certbot. During the process, you will be prompted to:

  1. Enter your email address.
  2. Read and accept the terms and conditions of Let’s Encrypt by typing y to proceed.
  3. Type y to allow notifications.
  4. Choose your domain name or enter it manually.

The output should look like the image below.

  • The Certbot packages on your system include a scheduled task that automatically renews your certificates before they expire. You don't need to run Certbot again unless you change your settings. To test the automatic renewal, run this command

  • To check if your site is set up correctly, go to https://yourwebsite.com/ in your browser and look for the lock icon in the address bar.
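
Sections 4 and 5 collected into one script, as an added example rather than the commands from the original post. The web root `/var/www/<domain>/html`, the `www.` alias (which needs its own DNS record) and the function names `valid_domain`, `server_block` and `deploy` are assumptions.

```bash
#!/bin/sh
# Added example, not from the original post. Assumed layout: web root
# /var/www/<domain>/html, config in /etc/nginx/sites-available/<domain>,
# and a www.<domain> alias that also has a DNS record.

# Accept only plain host names, so the value is safe inside paths and config.
valid_domain() {
  case "$1" in
    ''|.*|*.|*..*|-*|*[!A-Za-z0-9.-]*) return 1 ;;
    *.*) [ "${#1}" -le 253 ] ;;
    *) return 1 ;;
  esac
}

# Print the HTTP-only server block; "certbot --nginx" adds the TLS lines later.
server_block() {
  valid_domain "$1" || { echo "invalid domain: $1" >&2; return 1; }
  cat <<EOF
server {
    listen 80;
    listen [::]:80;
    server_name $1 www.$1;
    root /var/www/$1/html;
    index index.html;
    location / {
        try_files \$uri \$uri/ =404;
    }
}
EOF
}

# Steps 4 and 5 in order. Run as root on the Ubuntu server.
deploy() {
  valid_domain "$1" || { echo "invalid domain: $1" >&2; return 1; }
  d=$1
  conf=/etc/nginx/sites-available/$d
  server_block "$d" > "$conf" || return 1
  mkdir -p "/var/www/$d/html"
  [ -e "/var/www/$d/html/index.html" ] ||
    echo "<h1>$d is up</h1>" > "/var/www/$d/html/index.html"
  ln -sfn "$conf" "/etc/nginx/sites-enabled/$d"
  nginx -t || return 1              # never reload a config that fails the check
  systemctl reload nginx || return 1
  certbot --nginx -d "$d" -d "www.$d" || return 1
  certbot renew --dry-run           # confirms the scheduled renewal will work
}

# Nothing runs unless the script is called with: --apply <domain>
if [ "${1:-}" = "--apply" ]; then deploy "${2:-}"; fi
```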

*Conclusion*
By securing your website with HTTPS, you not only protect your users' data but also improve your site's credibility, SEO, and overall user experience.
