Step 1. Installing Certbot
# apt-get install letsencrypt
or
# apt-get install certbot
Step 2. Confirming Nginx’s Configuration
To check, open the server block file for your domain using nano or your favorite text editor:
# sudo nano /etc/nginx/sites-available/your_domain
Find the existing server_name line. It should look like the following:
server {
    listen 80;
}
server {
    listen 80;
    server_name your_domain www.your_domain;
    root /home/myuser3/www;
}
If it does, exit your editor and move on to the next step.
Step 3. Obtaining an SSL Certificate
# letsencrypt certonly --webroot --webroot-path=/home/myuser3/www -d your_domain.com -d www.your_domain.com
* How to fix a 404 Not Found error. If the validation server cannot fetch the challenge files, the command fails with output like this:
Failed authorization procedure. your_domain.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization
:: 160.153.63.10: Invalid response from https://www.your_domain.com/.well-known/acme-challenge/ABCDE12345: 404,
www.your_domain.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization
:: 160.153.63.10: Invalid response from https://www.your_domain.com/.well-known/acme-challenge/VWXYZ67890: 404
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: your_domain.com
Type: unauthorized
Detail: 160.153.63.10: Invalid response from
https://www.your_domain.com/.well-known/acme-challenge/ABCDE12345:
404
Domain: www.your_domain.com
Type: unauthorized
Detail: 160.153.63.10: Invalid response from
https://www.your_domain.com/.well-known/acme-challenge/VWXYZ67890:
404
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
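Edit Nginx’s Configuration so that requests under /.well-known are served from the webroot path given to Certbot:
location /.well-known/ {
    # Must point at the .well-known directory inside the --webroot-path value;
    # the Nginx worker user needs read access to this path.
    alias /root/folder/your_domain/.well-known/;
}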
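To confirm that Nginx really serves the challenge directory before requesting the certificate again, you can write a probe file into the webroot and fetch it over HTTP, as the validation server does. This script is an added example, not part of the original tutorial; the names check_webroot and FETCH are chosen here for illustration.

```shell
#!/bin/sh
# Pre-flight check for the http-01 webroot challenge (added example).
# FETCH is the command used to retrieve a URL (assumption: curl is installed).
# -L follows redirects, as in the error output above where the request ended on https.
FETCH=${FETCH:-"curl -fsSL --max-time 10"}

# check_webroot WEBROOT DOMAIN...
# Returns 0 if every domain serves the probe file, 1 otherwise.
check_webroot() {
    webroot=$1; shift
    dir="$webroot/.well-known/acme-challenge"
    token="preflight-$$-$(date +%s)"
    rc=0

    mkdir -p "$dir" || return 1
    printf '%s' "$token" > "$dir/$token" || return 1
    # The Nginx worker must be able to read the file, so make it world-readable.
    chmod 644 "$dir/$token"

    for domain in "$@"; do
        url="http://$domain/.well-known/acme-challenge/$token"
        # A failed fetch (404, timeout, DNS error) leaves body empty.
        body=$($FETCH "$url" 2>/dev/null) || body=""
        if [ "$body" = "$token" ]; then
            echo "OK   $url"
        else
            echo "FAIL $url (Nginx is not serving $dir)"
            rc=1
        fi
    done

    rm -f "$dir/$token"
    return $rc
}

# Run only when called with arguments, e.g.:
#   sh preflight.sh /home/myuser3/www your_domain.com www.your_domain.com
if [ "$#" -ge 2 ]; then
    check_webroot "$@"
fi
```

A FAIL line means the path in the location block (or the server block's root) does not match the directory passed as --webroot-path, which is the same condition that produces the 404 above.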
* If successful, you will receive the following output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for your_domain.com
http-01 challenge for www.your_domain.com
Using the webroot path /root/folder/your_domain for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Running deploy-hook command: systemctl reload nginx
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/your_domain/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/your_domain/privkey.pem
Your cert will expire on 2023-09-18. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
Step 4. Edit Nginx’s Configuration
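Add this block inside the server block for your domain:
#ssl beginning
# "ssl on;" is deprecated; TLS is enabled on the listen directive instead
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/your_domain/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/your_domain/privkey.pem;
# dhparam.pem must already exist, e.g. created with:
#   openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
ssl_dhparam /etc/ssl/certs/dhparam.pem;
#ssl end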