How to install Let’s Encrypt SSL with Certbot on Nginx
In this article, AZDIGI will guide you through installing a Let’s Encrypt SSL certificate on an Nginx server in the simplest and fastest way.
I. Overview
What is an SSL certificate?
An SSL certificate helps encrypt the information exchanged with devices or applications that support this encryption. It comes with a Private Key and a Public Key: the Public Key is presented to the client side, that is, the browsers and other applications that access the site, and the Private Key is installed on the application that receives the data.
The Private Key acts as the key that decrypts the data sent from the client, which was encrypted with the Public Key.
What is Let’s Encrypt?
Let’s Encrypt is an SSL certificate authority like Comodo, GeoTrust and Symantec. The difference is that it is a non-profit organization established under the auspices of influential organizations such as Cisco, Akamai, Mozilla, Facebook… Let’s Encrypt SSL certificates are therefore no different from other types of SSL certificates. However, you must renew them every 90 days to continue using them.
In addition, you can read more about Let’s Encrypt at the homepage link below:
To install Let’s Encrypt SSL on a website that uses Nginx, follow the steps below.
II. Implementation guide
To install Let’s Encrypt SSL on the Nginx server, follow these 3 steps.
Step 1: Install Certbot Let’s Encrypt Client
With Let’s Encrypt, you can quickly install it through the Certbot client with just a few simple commands and wait for the system to run automatically.
- First, you need to install the EPEL repository:
yum -y install epel-release
- Next, install certbot-nginx with the following command:
yum -y install certbot-nginx
Step 2: Install Let’s Encrypt SSL
Note: Make sure the domain points to the server IP. If you install SSL for the subdomain www.domain.com, that subdomain must also point to the server.
To install SSL for your website, use the following command (replace azdigi.cf with the name of your website):
certbot --nginx -d azdigi.cf -d www.azdigi.cf
[root@template conf.d]# certbot --nginx -d azdigi.cf -d www.azdigi.cf
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Enter email address (used for urgent renewal and security notices)
 (Enter 'c' to cancel): kiendt@azdigi.cf (Enter your email)
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y (Press Y to agree to the terms)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: N (Press N to refuse information and news from LetsEncrypt and Certbot)
Account registered.
Requesting a certificate for azdigi.cf and www.azdigi.cf
Performing the following challenges:
http-01 challenge for azdigi.cf
http-01 challenge for www.azdigi.cf
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/nginx/conf.d/azdigi.cf.conf
Deploying Certificate to VirtualHost /etc/nginx/nginx.conf
Redirecting all traffic on port 80 to ssl in /etc/nginx/conf.d/azdigi.cf.conf
Redirecting all traffic on port 80 to ssl in /etc/nginx/nginx.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://azdigi.cf and
https://www.azdigi.cf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/azdigi.cf/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/azdigi.cf/privkey.pem
   Your cert will expire on 2021-04-14. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:
   Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
   Donating to EFF: https://eff.org/donate-le
You have now successfully installed SSL through Certbot. The website’s certificate files are saved at the following paths:
- Certificate: /etc/letsencrypt/live/azdigi.cf/fullchain.pem
- Private Key: /etc/letsencrypt/live/azdigi.cf/privkey.pem
Let’s Encrypt certificates are only valid for 90 days, so you can set up a cron job that renews the certificate automatically when it is due to expire.
- Run the following command to open the crontab editor:
export VISUAL=nano; crontab -e
- Copy the content below and paste it into the Crontab window
00 6 * * * /usr/bin/certbot renew --quiet
Note: This cron job runs every day at 6:00 AM and checks the certificate. If the certificate is due to expire, it is renewed automatically; if it is still valid, no renewal is made.
Step 3: Check the certificate after installation
To confirm that SSL has been installed successfully on your website, you can use the 2 methods below.
Method 1: Check from the browser
Open your website in a browser and click the padlock icon. It shows which company issued the certificate the website uses, along with the issue date and expiration date.
Method 2: Check from the SSL Shopper page
You can access the SSL Checker page by following the link: https://www.sslshopper.com/ssl-checker.html
Then enter your domain and click Check SSL. All information about the website’s certificate will then be displayed.
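Both methods above look at what the server presents to clients. The shell script below, an added example that is not part of the original article, checks the files from Step 2 on the server itself: whether the certificate is close to expiry, whether privkey.pem really belongs to fullchain.pem, and whether the key file is closed to group and other users. The function names and the `--demo` self-signed pair for demo.invalid are constructed for illustration.

```sh
#!/bin/sh
# Added example: local checks on the certificate/key pair Certbot saved in Step 2.
# Function names are illustrative. Run as root, since privkey.pem is root-only.
# Usage: sh check-pair.sh azdigi.cf      (or: sh check-pair.sh --demo)

# Succeeds if the leaf certificate in $1 expires within $2 days, is already
# expired, or cannot be read (an unreadable file counts as a finding).
expires_within() {
    ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Succeeds if private key $2 has the same public key as the leaf certificate in $1.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# Succeeds if the key file (symlinks followed) grants nothing to group or others.
key_is_private() {
    mode=$(ls -ldL "$1" 2>/dev/null | cut -c5-10)
    [ "$mode" = "------" ]
}

# Runs all three checks on directory $1; $2 is the expiry threshold in days.
check_pair() {
    dir=$1; days=${2:-30}; rc=0
    expires_within "$dir/fullchain.pem" "$days" &&
        { echo "WARN: certificate expires within $days days"; rc=1; }
    key_matches_cert "$dir/fullchain.pem" "$dir/privkey.pem" ||
        { echo "FAIL: privkey.pem does not match fullchain.pem"; rc=1; }
    key_is_private "$dir/privkey.pem" ||
        { echo "FAIL: privkey.pem is accessible to group or others"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $dir"
    return "$rc"
}

# Constructed sample: throwaway self-signed pair in directory $1, valid $2 days.
make_demo_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" -subj "/CN=demo.invalid" \
        -keyout "$1/privkey.pem" -out "$1/fullchain.pem" >/dev/null 2>&1 &&
        chmod 600 "$1/privkey.pem"
}

case "${1:-}" in
    "") ;;                               # no argument: only define the functions
    --demo) d=$(mktemp -d) && make_demo_pair "$d" 90 && check_pair "$d"; rm -rf "$d" ;;
    *) check_pair "/etc/letsencrypt/live/$1" ;;
esac
```

The script exits non-zero when any check fails, so it can be run from the same crontab as the renewal job to flag a certificate that did not renew.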
III. Summary
In this article, AZDIGI showed you how to install Let’s Encrypt SSL on your website quickly and simply via Certbot. Installing SSL may seem simple, but it can be quite helpful for your website in terms of security as well as being great for SEO. Hopefully, this article will help you to install Let’s Encrypt SSL successfully!