Home Linux Server Install Let’s Encrypt SSL with Certbot on Nginx

Install Let’s Encrypt SSL with Certbot on Nginx

by Thạch Phạm
Published: Last Updated on
A+A-
Reset

How to install Let’s Encrypt SSL with Certbot on Nginx

In this article, AZDIGI will guide you on installing the Let’s Encrypt SSL certificate on the Nginx server in the simplest and fastest way, please follow along.

I. Overview

What is an SSL certificate?

SSL is a certificate that helps encrypt information on devices or applications that support this encryption. SSL certificate will have Private Key and Public Key, in which Public Key will be installed in terminal applications that browsers or other applications can access. Private Key will be installed in applications that handle receiving data.

Its purpose of operation is like the key to helping decrypt the data sent from the terminal, which is also encrypted through the Public Key.

What is Let’s Encrypt?

Let’s Encrypt is an SSL authentication organization like Comodo, GeoTrust and Symantec, but the difference is that they are a non-profit organization established with the auspices of influential organizations in the world Cisco, Akamai, Mozilla, Facebook… Therefore, Let’s Encrypt SSL certificates will be no different from other types of SSL certificates. However, you must renew them every 90 days to continue using them.

In addition, you can read more about Let’s Encrypt at the homepage link below:

So how to install Let’s Encrypt SSL on a website using Nginx, please see the steps below.

II. Implementation guide

To install SSL Let’s Encrypt on the Nginx server, follow these 3 steps.

Step 1: Install Cerbot Let’s Encrypt Client

With Let’s Encrypt, you can quickly install it through the Certbot client with just a few simple commands and wait for the system to run automatically.

  • First, you need to install the EPEL repository:
AZDIGI Tutorial
yum -y install epel-release
    
  • Next, install certbot-nginx with the following command:
AZDIGI Tutorial
yum -y install certbot-nginx
    
Install Let's Encrypt SSL with Certbot on Nginx
As shown above, I have successfully installed Certbot.

Step 2: Install Let’s Encrypt SSL

Note: You must make sure the domain is pointed to the server IP (if you install SSL for the subdomain www.domain.com, the sub must also point to the server)

To install SSL for your website, use the following command: (please change azdigi.cf to the name of your website)

AZDIGI Tutorial
certbot --nginx -d azdigi.cf -d www.azdigi.cf
    
[root@template conf.d]# certbot --nginx -d azdigi.cf -d www.azdigi.cf
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Enter email address (used for urgent renewal and security notices)
 (Enter 'c' to cancel): kiendt@azdigi.cf (Enter your email)
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y  (Press Y to agree to the terms)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: N (Press N to refuse information and news from LetsEncrypt and Certbot)
Account registered.
Requesting a certificate for azdigi.cf and www.azdigi.cf
Performing the following challenges:
http-01 challenge for azdigi.cf
http-01 challenge for www.azdigi.cf
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/nginx/conf.d/azdigi.cf.conf
Deploying Certificate to VirtualHost /etc/nginx/nginx.conf
Redirecting all traffic on port 80 to ssl in /etc/nginx/conf.d/azdigi.cf.conf
Redirecting all traffic on port 80 to ssl in /etc/nginx/nginx.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://azdigi.cf and
https://www.azdigi.cf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
 /etc/letsencrypt/live/azdigi.cf/fullchain.pem
 Your key file has been saved at:
 /etc/letsencrypt/live/azdigi.cf/privkey.pem
 Your cert will expire on 2021-04-14. To obtain a new or tweaked
 version of this certificate in the future, simply run certbot again
 with the "certonly" option. To non-interactively renew *all* of
 your certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

 Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
 Donating to EFF: https://eff.org/donate-le

So you have successfully installed SSL through Certbot, the path to save the website’s certificate file will be at the corresponding path:

 - Certificate: /etc/letsencrypt/live/azdigi.cf/fullchain.pem
 - Private Key: /etc/letsencrypt/live/azdigi.cf/privkey.pem 

Let’s Encrypt certificates are only valid for 90 days, so you can set up your cronjob so that the certificate automatically renews if it expires.

  • You run the following command to open the Cronjob window:
AZDIGI Tutorial
export VISUAL=nano; crontab -e
    
  • Copy the content below and paste it into the Crontab window
AZDIGI Tutorial
00 6 * * * /usr/bin/certbot renew --quiet
    

Note: This cronjob means that every 6:00 AM, it will check the certificate, if the certificate expires, it will automatically renew. Otherwise, if it is still due, the extension will not be made.

Install Let's Encrypt SSL with Certbot on Nginx

Step 3: Check the certificate after installation

To more accurately check if your website has successfully installed SSL, you can check more through the 2 methods below.

Method 1: Check from the browser

You can access your website in a browser and click on the padlock icon as shown below. It will display which company’s certificate the website uses and specify the issue date and expiration date.

Install Let's Encrypt SSL with Certbot on Nginx

Method 2: Check from the SSL Shopper page

You can access the SSL Checker page by following the link: https://www.sslshopper.com/ssl-checker.html

Then you enter your domain and click Check SSL. At this point, all information about the website’s certificate will be fully displayed as below:

Install Let's Encrypt SSL with Certbot on Nginx

III. Summary

So in this article, AZDIGI showed you how to quickly install Let’s Encrypt SSL on your website via Certbot quickly and simply. Installing SSL may seem simple, but it can be quite helpful for your website in terms of security as well as being great for SEO. Hopefully, this article will help you to install Let’s Encrypt SSL successfully!

If you find the article helpful, please share it widely.

If you need assistance, you can contact support in the ways below:

Đánh giá

Tham gia nhóm hỗ trợ Server - Hosting

Tham gia nhóm Hỗ trợ Server - Hosting & WordPress để cùng nhau hỏi đáp và hỗ trợ các vấn đề về WordPress, tối ưu máy chủ/server.

Tham gia ngay

Bài viết cùng chuyên mục

AZDIGI – Không chỉ là đơn vị hàng đầu trong lĩnh vực Web Hosting và Máy chủ, chúng tôi mong muốn mang lại những kiến thức bổ ích nhất và luôn cập nhật thường xuyên cho cộng đồng người đam mê thiết kế website, công nghệ,…

Vui lòng không sao chép nội dung nếu chưa xin phép. Designed and Developed by PenciDesign