Set up Let's Encrypt certbot certificates with an nginx server on Debian/Ubuntu Linux

Akila Rathnayake
Nov 4 · 3 min read

Prerequisites

1. First, your nginx server must be publicly accessible via a public IP. If it is not, you will get an authentication error when creating the certificate via Let's Encrypt.

Install nginx and check that it is accessible from the public internet.

2. The CN (the certificate's common name, that is, your domain name) must correctly resolve to your publicly accessible nginx server.

Create an A record from your cloud console (if you are using one).

Step 1

First, add the repository required to download certbot.

xxxxxxxxxxxxxxxxx$ sudo add-apt-repository ppa:certbot/certbot

This is the PPA for packages prepared by Debian Let’s Encrypt Team and backported for Ubuntu(s).

More info: https://launchpad.net/~certbot/+archive/ubuntu/certbot

Press [ENTER] to continue or ctrl-c to cancel adding it

---

gpg: no valid OpenPGP data found.

Below are some errors I faced,

Error,

xxxxxxxxxxxxxxxxx$ sudo add-apt-repository ppa:certbot/certbot

sudo: add-apt-repository: command not found

Solution,

xxxxxxxxxxxxxxxxx$ sudo apt-get install software-properties-common

Reading package lists… Done

Building dependency tree

Reading state information… Done

The following additional packages will be installed:

xxxxxxxxxxxxxxxxx$ sudo apt-get update

Hit:1 http://security.debian.org stretch/updates InRelease

Reading package lists… Done

Error,

xxxxxxxxxxxxxxxxx$ sudo add-apt-repository ppa:certbot/certbot

gpg: keyserver receive failed: No dirmngr

Solution,

xxxxxxxxxxxxxxxxx$ sudo apt-get install dirmngr

Reading package lists… Done

Building dependency tree

Step 2

Install the certbot packages.

xxxxxxxxxxxxxxxxx$ sudo apt-get install python-certbot-nginx

Reading package lists… Done

Building dependency tree

Reading state information… Done

Step 3

Let's assume that the domain name for our SSL certificate is mysampledomain.com. Please note that you must register your domain before continuing with Let's Encrypt.

Go to the /etc/nginx/sites-available folder and create a file named mysampledomain.com.

Add the content below to the file:

server {
    listen 443 ssl;
    server_name mysampledomain.com;
    # <remaining code here>
}

Save the file.

Step 4

Test the configuration:

xxxxxxxxxxxxxxxxx$ sudo nginx -t

Restart the nginx service if the test passes.

xxxxxxxxxxxxxxxxx$ sudo systemctl restart nginx

xxxxxxxxxxxxxxxxx$ sudo systemctl status nginx

● nginx.service - A high performance web server and a reverse proxy server

Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)

Active: active (running) since Mon

Step 5

Now you can create the Let's Encrypt certificate using the certbot command:

xxxxxxxxxxxxxxxxx$ sudo certbot --nginx -d mysampledomain.com

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Plugins selected: Authenticator nginx, Installer nginx

Enter email address (used for urgent renewal and security notices) (Enter 'c' to

cancel):

-------------------------------------------------------------------------------

Please read the Terms of Service at

(A)gree/(C)ancel: A

-------------------------------------------------------------------------------

Would you be willing to share your email address with the Electronic Frontier

-------------------------------------------------------------------------------

(Y)es/(N)o: N

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.

-------------------------------------------------------------------------------

Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2

Congratulations! You have successfully enabled

It's done now. Check the /etc/nginx/sites-enabled/default file for the SSL (port 443) configuration created by the Let's Encrypt certbot. You can write your own rules for load balancing in that part.
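
One way to run that check from the shell, as an added example that is not part of the original post: the function below looks for the HTTPS listener, certificate paths and HTTP-to-HTTPS redirect that certbot's nginx installer writes. The function names and the sample file are constructed for illustration, and the paths assume certbot's default /etc/letsencrypt/live/<domain>/ layout.

```shell
#!/bin/sh
# Added example: audit an nginx site file for the TLS settings certbot writes.

# write_sample_site FILE: constructed sample of a certbot-edited site file.
write_sample_site() {
    cat > "$1" <<'EOF'
server {
    server_name mysampledomain.com;
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/mysampledomain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/mysampledomain.com/privkey.pem; # managed by Certbot
}
server {
    if ($host = mysampledomain.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 80;
    server_name mysampledomain.com;
    return 404; # managed by Certbot
}
EOF
}

# audit_certbot_site FILE DOMAIN: prints one line per check, returns 0 if all pass.
audit_certbot_site() {
    domain_re=$(printf '%s' "$2" | sed 's/\./\\./g')   # escape dots for grep -E
    live="/etc/letsencrypt/live/$domain_re"            # assumed certbot default path
    conf=$(sed 's/#.*//' "$1") || return 2             # ignore commented-out text
    fail=0
    check() {  # check DESCRIPTION REGEX
        if printf '%s\n' "$conf" | grep -Eq "$2"; then
            echo "ok:      $1"
        else
            echo "MISSING: $1"; fail=1
        fi
    }
    check "HTTPS listener"       '^[[:space:]]*listen[[:space:]]+([^;[:space:]]*:)?443[[:space:]]+ssl'
    check "server_name"          "^[[:space:]]*server_name[[:space:]]([^;]*[[:space:]])?$domain_re[[:space:]]*;"
    check "certificate chain"    "ssl_certificate[[:space:]]+$live/fullchain\.pem[[:space:]]*;"
    check "private key"          "ssl_certificate_key[[:space:]]+$live/privkey\.pem[[:space:]]*;"
    check "HTTP->HTTPS redirect" 'return[[:space:]]+301[[:space:]]+https://'
    return "$fail"
}

# Demo on the constructed sample; on a real host pass /etc/nginx/sites-enabled/default.
sample=$(mktemp) && write_sample_site "$sample"
audit_certbot_site "$sample" mysampledomain.com
rm -f "$sample"
```

The redirect check only applies when option 2 was chosen at the redirect prompt, as in the session above.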
