How To Secure Nginx with Let's Encrypt on Ubuntu

John Doe ·

1714 Views

Step 1. Installing Certbot

# apt-get install letsencrypt

or

# apt-get install certbot

 

Step 2. Confirming Nginx’s Configuration

To check, open the server block file for your domain using nano or your favorite text editor:

# sudo nano /etc/nginx/sites-available/your_domain

Find the existing server_name line. It should look like the following:

server {
   listen 80;
}

server {
   listen 80;
   server_name your_domain www.your_domain;
   root /home/myuser3/www;
}

If it does, exit your editor and move on to the next step.

 

Step 3. Obtaining an SSL Certificate

# letsencrypt certonly --webroot --webroot-path=/home/myuser3/www -d your_domain.com -d www.your_domain.com

* How to Solve Error 404 Not Found & How to Fix it

Failed authorization procedure. your_domain.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization
:: 160.153.63.10: Invalid response from https://www.your_domain.com/.well-known/acme-challenge/ABCDE12345: 404,
www.your_domain.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization 
:: 160.153.63.10: Invalid response from https://www.your_domain.com/.well-known/acme-challenge/VWXYZ67890: 404

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: your_domain.com
   Type:   unauthorized
   Detail: 160.153.63.10: Invalid response from
   https://www.your_domain.com/.well-known/acme-challenge/ABCDE12345:
   404

   Domain: www.your_domain.com
   Type:   unauthorized
   Detail: 160.153.63.10: Invalid response from
   https://www.your_domain.com/.well-known/acme-challenge/VWXYZ67890:
   404

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

Edit Nginx’s Configuration

location /.well-known {
	alias /root/folder/$site_name/.well-known/$1;
}

* If successful, you will receive the following output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for your_domain.com
http-01 challenge for www.your_domain.com
Using the webroot path /root/folder/your_domain for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Running deploy-hook command: systemctl reload nginx

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/your_domain/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/your_domain/privkey.pem
   Your cert will expire on 2023-09-18. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

 

Step 4. Edit Nginx’s Configuration

Add this block:

#ssl beginning
ssl on;

ssl_certificate /etc/letsencrypt/live/your_domain/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/your_domain/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;

#ssl end

 

Ref.

New! Premium CPU-Optimized Droplets are now available. Learn more ->We're hiringBlogDocsGet SupportContact SalesProductsFeatured ProductsDropletsScalable virtual machinesKubernetesManaged Kubernetes clustersCloudwaysManaged cloud hostingApp PlatformGet ap
close search homeHome chatContact Me Categories labelGenerallabelHow-To GuideslabelMetalabelNewslabelOp-EdlabelServer Logs Explained Archives folderDecember 2021 folderJune 2021 folderMarch 2021 folderJanuary 2021 folderDecember 2020 folderOctober 2020 fo
웹은 계속 발전하고 있으며, 여러 새로운 기술이 끊임 없이 등장하고 있다. 이 글에서는 웹 기술 중 하나인 SSL (Secure Socket Layer) 에 대해서 이야기 해 보고자 한다. < 그림 : OSI Model 에서 SSL 의 위치 >   정확히 말해서 SSL 은 전송계층과 (Transport Layer) 응용계층 (App…

 

nginx Let’s Encrypt