Introduction
TLS/SSL is the standard security technology that works invisibly behind the scenes on end-user devices to make a secure connection. It creates an encrypted connection between the user's device and the server, and it lets the user verify that the site they reach belongs to the legitimate website owner.
In this guide, we'll enable encrypted HTTPS on a web server. Throughout the process we'll use Certbot to install a free SSL certificate for NGINX on Ubuntu 20.04, with automatic renewal.
Prerequisites
To follow this guide, you need:
An Ubuntu 20.04 server. To set one up from scratch, follow the Step-By-Step Guide to Deploying Laravel Applications on Virtual Private Servers, a deployment guide for Digital Ocean.
A registered domain
Server Login
To get a free SSL certificate, we need to install Certbot on the server and configure HTTPS for the domain name. First, log in to the server's IP address with your SSH key. If you don't know how to configure SSH keys, the guide How To Set Up SSH Keys might help you understand the secure shell connection. Open the terminal and run the following command:
ssh -i 'here put your ssh key location' host_name@value
Example:
ssh -i '/home/.ssh/' cheems@199.180.130.80
Here the server name is cheems and the value is 199.180.130.80.
Installing Certbot
To get an SSL certificate for the domain, we need to install Certbot. Make sure you are logged in to the server, then run this command:
sudo snap install --classic certbot
This installs the certbot program on the server. Next, run this command:
sudo certbot --nginx
After running it, you will see output like this:
Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: cheems
2: www.cheems
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):
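You can select multiple domains by separating the numbers with a space, like 1 2, and then pressing Enter.
Then you'll see output like this. The sample below names Apache modules and paths; with the --nginx plugin the corresponding lines refer to your NGINX configuration instead.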
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for cheems
http-01 challenge for www.cheems
Enabled Apache rewrite module
Waiting for verification...
Cleaning up challenges
Created an SSL vhost at /etc/apache2/sites-available/cheems-le-ssl.conf
Enabled Apache socache_shmcb module
Enabled Apache ssl module
Deploying Certificate to VirtualHost /etc/apache2/sites-available/cheems-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/cheems-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-available/cheems-le-ssl.conf
The next part is the redirect setup. With redirection enabled, a request that comes in to your domain over HTTP is automatically redirected to the HTTPS address of your domain. Always select 2 to enable this redirect.
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
After this, the installation and configuration are done, and Certbot shows output like this:
Congratulations! You have successfully enabled https://cheems and
https://www.cheems
You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=cheems
https://www.ssllabs.com/ssltest/analyze.html?d=www.cheems
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/cheems/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/cheems/privkey.pem
Your cert will expire on 2022-01-25. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
Congratulations if you have made it through the installation and configuration. This free SSL certificate is only valid for three months, and it is a huge pain to remember when the HTTPS certificate will expire. No worries: there is a way to renew the certificate automatically before the expiry date.
Auto-Renewal Certbot
Renewal is handled automatically by a systemd timer. To check that the timer is active, run this command:
sudo systemctl status certbot.timer
The timer runs the certbot scripts twice a day and automatically renews any SSL certificate before it expires. You will see this kind of output:
● certbot.timer - Run certbot twice daily
Loaded: loaded (/lib/systemd/system/certbot.timer; enabled; vendor preset: enabled)
Active: active (waiting) since Tue 2022-01-25 17:57:48 UTC; 17h ago
Trigger: Wed 2022-01-25 23:50:31 UTC; 12h left
Triggers: ● certbot.service
Mar 25 17:57:48 fine-turtle systemd[1]: Started Run certbot twice daily.
To test the renewal process, run this command:
sudo certbot renew --dry-run
If there are no errors, you are all set.
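A dry run only proves that renewal works today. The script below is an added example, not part of the original guide: it reads the text printed by certbot certificates and lists every certificate that has fewer days left than a threshold, which is the sign that the timer has stopped renewing. The function names, the 20-day default and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): spot certificates that the
# renewal timer has failed to renew.
# On the server: sudo certbot certificates | expiring_certs 20

# Prints "<name> <days>" for each certificate with fewer than MIN_DAYS days
# left, and "<name> INVALID" for expired or otherwise invalid ones.
expiring_certs() {
    # Assumed threshold: Certbot normally renews about 30 days before expiry,
    # so fewer than 20 days left suggests renewals are failing.
    min_days="${1:-20}"
    awk -v min="$min_days" '
        /Certificate Name:/ { name = $3 }
        /Expiry Date:/ {
            if ($0 ~ /INVALID/) {              # test first: INVALID contains VALID
                print name " INVALID"
            } else if (match($0, /VALID: [0-9]+ day/)) {
                # Matched text is "VALID: " (7 chars) + digits + " day" (4 chars)
                days = substr($0, RSTART + 7, RLENGTH - 11)
                if (days + 0 < min + 0) print name " " days
            } else if ($0 ~ /VALID: [0-9]+ hour/) {
                print name " 0"                # less than one day left
            }
        }
    '
}

# Constructed sample in the layout of `certbot certificates`; the example.com
# names and all dates are made up.
sample_output() {
    cat <<'EOF'
Found the following certs:
  Certificate Name: cheems
    Domains: cheems www.cheems
    Expiry Date: 2022-04-25 10:11:12+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/cheems/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/cheems/privkey.pem
  Certificate Name: api.example.com
    Domains: api.example.com
    Expiry Date: 2022-02-06 08:00:00+00:00 (VALID: 12 days)
  Certificate Name: old.example.com
    Domains: old.example.com
    Expiry Date: 2022-01-02 08:00:00+00:00 (INVALID: EXPIRED)
EOF
}

sample_output | expiring_certs 20
```

Empty output means every certificate is still outside the threshold; any line printed is worth an alert from cron or your monitoring system.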