January 17, 2023

How to set up a free auto-renewable SSL certificate with Certbot or Let’s Encrypt and NGINX

Let’s encrypt provides free SSL certificates for your websites and also modifies your nginx config to ensure you always have a secure connection. Its great!

You are able to do this with Apache or Nginx. So the first thing we need to do is SSH into your server as root user to being.

Installing Certbot / Let’s Encrypt

The official documentation can be found here. In previous versions we would install cerbot directly, however in the newer versions we are going to be using the snapd package manager. Don’t worry, its still as easy as it was.

The following steps are done in your command line while SSH’d in your server:

Step 1 Install snapd

sudo apt install snapd

Step 2 Ensuring we have the latest version of snapd

sudo apt install core; sudo snap refresh core

Step 3 Installing Certbot

sudo snap install --classic certbot

Step 4 Make Certbot easily available in your command line – also called a symlink

sudo ln -s /snap/bin/certbot /usr/bin/certbot

We are now ready to start creating our SLL certificates.

Issue the SSL certificate with Certbot

Now we will use Certbot to read our Nginx/Apache configs and, with the command line options, select which hosts (websites) we want to issue the SSL’s. We will also be able to select if we want to force the connections to always be HTTPS by always redirecting HTTP to HTTPS. I recommend we always select that option.

Step 1 Run Certbot

If you are using Apache:

sudo cerbot --apache

If you are using Nginx

sudo certbot --nginx

You will now follow the options as I explained above, Certbot makes it quite easy to follow. IF you do have any questions, feel free to comment below and I will help :).

You can also specify which websites you want to issue the certificate by using the -d parameter

sudo certbot --nginx -d -d

Step 2 Add your email address – you will be notified here by certbot once a certificate is due to renweal

Step 3 Accept the terms and continue to follow the questions by Certbot

SSL Maintenance & whats next?

The certificates issued by Certbot will last 90 days. Don’t worry, Cerbot will check every 2 days for your certificates and renew them. In the off chance that this doesn’t work, you can just run the command in Step 1 and select “Renew”.

You can also check the Certbot auto renewal timer by using the following command:

systemctl show certbot.timer

Posted in Devops, nginx
Write a comment