How to Install and Validate Let’s Encrypt SSL on Any Linux Server Using Nginx, Including Auto Renewals

am
IT Security In Plain English
Apr 7, 2024

Securing your web server with an SSL certificate is essential for safeguarding data and increasing user trust. Let's Encrypt provides a free, automated, and open certificate authority (CA), making it a popular choice for implementing HTTPS. In this article, I will guide you through the process of installing and validating a Let's Encrypt SSL certificate on any Linux server using Nginx, as well as setting up automatic renewals.

Prerequisites

Before proceeding, ensure that you have:

  • A Linux server (Ubuntu, CentOS, etc.) with root access.
  • Nginx installed and running on your server.
  • A registered domain name pointing to your server's IP address.

Step 1: Install Certbot

Certbot is an easy-to-use automatic client that fetches and deploys SSL/TLS certificates for your web server. To install Certbot and its Nginx plugin, use the following commands:

For Ubuntu/Debian systems:

sudo apt update
sudo apt install certbot python3-certbot-nginx

For CentOS/RHEL systems:

sudo yum install epel-release
sudo yum install certbot python3-certbot-nginx

Step 2: Configure Nginx

Certbot needs to verify that you control the domain for which you're requesting a certificate. It does this using the Webroot plugin, which places a special file under .well-known/acme-challenge in your server's /var/www/html directory, so ensure the Nginx configuration for your domain points to this directory. Edit the Nginx configuration for your domain:

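server {
    listen 80;
    server_name example.com www.example.com;

    root /var/www/html;
    index index.html;

    # Serve ACME HTTP-01 challenge files from the webroot.
    # A prefix match avoids the unanchored regex (and its unescaped dot).
    location ^~ /.well-known/acme-challenge/ {
        allow all;
    }
}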

Replace example.com with your domain name. After editing, verify the Nginx configuration and reload Nginx:

sudo nginx -t
sudo systemctl reload nginx

Step 3: Obtain an SSL Certificate

Run Certbot to obtain the certificate using the following command:

sudo certbot --nginx -d example.com -d www.example.com

Follow the prompts to configure your SSL settings, including whether to redirect HTTP traffic to HTTPS (recommended).

Step 4: Verify SSL Installation

To ensure that your SSL certificate is correctly installed, you can use an online service like SSL Labs' SSL Test. Just enter your domain name and run the test to see your server's SSL rating and configuration details.

Step 5: Set Up Auto Renewals

Let's Encrypt certificates are valid for 90 days. To automate the renewal process, you can set up a cron job that runs the renewal command periodically. Edit your crontab with sudo crontab -e and add the following line:

0 3 * * * /usr/bin/certbot renew --quiet

This cron job will run the renewal command every day at 3:00 AM. The --quiet option suppresses output unless errors occur.
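As a complement to the online test in Step 4 and the cron job in Step 5, here is an added example (not the author's script) that reads the expiry date of the certificate a domain actually serves and flags a renewal that has stalled. The function names, the check-cert.sh file name and the 21-day warning threshold are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example (not the article's script): report how long the certificate
# served for a domain remains valid, to catch a renewal cron job that is failing.
# Requires GNU date and the openssl CLI.

# Assumption: warn below 21 days. certbot renews a 90-day certificate once
# fewer than 30 days remain, so a lower value means renewals are not happening.
WARN_DAYS=${WARN_DAYS:-21}

# Seconds until expiry. $1 = openssl "notAfter=..." line, $2 = current epoch
# (optional; defaults to now, overridable so the logic can be checked offline).
secs_left() {
  local end now
  case $1 in notAfter=?*) ;; *) return 2 ;; esac   # empty or unexpected input
  end=$(date -u -d "${1#notAfter=}" +%s 2>/dev/null) || return 2
  now=${2:-$(date -u +%s)}
  echo $(( end - now ))
}

# Print "STATUS days": OK, RENEWAL_STALLED, EXPIRED, or "UNPARSEABLE -".
cert_status() {
  local secs days
  secs=$(secs_left "$1" "${2:-}") || { echo "UNPARSEABLE -"; return 0; }
  days=$(( secs / 86400 ))
  if [ "$secs" -le 0 ]; then
    echo "EXPIRED $days"
  elif [ "$days" -lt "$WARN_DAYS" ]; then
    echo "RENEWAL_STALLED $days"
  else
    echo "OK $days"
  fi
}

# Fetch the notAfter line of the certificate a live server presents on port 443.
served_enddate() {
  openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
    openssl x509 -noout -enddate 2>/dev/null
}

# Usage: ./check-cert.sh example.com   (exits 0 only when the status is OK)
if [ -n "${1:-}" ]; then
  result=$(cert_status "$(served_enddate "$1")")
  echo "$1: $result"
  case $result in OK*) exit 0 ;; *) exit 1 ;; esac
fi
```

Because the script exits non-zero for anything other than OK, it can be scheduled from cron alongside the renewal job. Running sudo certbot renew --dry-run exercises the renewal path itself without replacing the certificate.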

You now have a secure Nginx server using a free SSL certificate from Let's Encrypt, with automatic renewals set up to keep your certificate valid indefinitely. This setup not only boosts your website's security but also enhances your SEO rankings and user trust.

Automating the Installation with a Shell Script

To simplify the process of installing and renewing Let’s Encrypt certificates on Nginx, I have created a shell script that automates the entire procedure. This script handles the installation of Certbot, configures Nginx, obtains the SSL certificate, sets up automatic renewals, and verifies the configuration.
