Step 1- Install Certbot
root@testserver:~# apt install certbot python3-certbot-nginx
Certbot is now ready for usage, but some of its configuration needs to be confirmed before it can be set up for Nginx.
Firstly, confirm if the server block exists on your nginx configuration
root@testserver:~# cat /etc/nginx/sites-available/testdomain.com
You should have a block with the details below ( note the test domain.com needs to be your actual domain name)
server_name example.com www.example.com;
If the block exists, you can proceed with the next step below; otherwise, Click here for steps to configure LEMP on Ubuntu 20.04
Step 3 – Allow UFW firewall; check the status using the command below
root@testserver:~# ufw status
We need to allow FULL Nginx Profile to let in HTTPS traffic;
root@testserver:~# ufw allow 'Nginx Full'
root@testserver:~# ufw delete allow 'Nginx HTTP'
Confirm the status again with ”ufw status; the final output should be;
Output
Status: active
To Action From
-- ------ ----
OpenSSH ALLOW Anywhere
Nginx Full ALLOW Anywhere
OpenSSH (v6) ALLOW Anywhere (v6)
Nginx Full (v6) ALLOW Anywhere (v6)
Now, let’s run the cerbot command to obtain the SSL
root@testserver:~# certbot --nginx -d testdomain.com -d www.testdomain.com
If you are using Certbot for the first time, you will be requested to enter your email address and confirm your acceptance of the terms of service. Following this, Certbot will connect to the Let’s Encrypt server and launch a challenge to verify that you are the domain owner for which you are applying for a certificate.
If successful, you will have the output below;
IMPORTANT NOTES:
Congratulations! You have successfully enabled https://testdomain.com and
https://www.testdomain.com
You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=testdomain.com
https://www.ssllabs.com/ssltest/analyze.html?d=www.testdomain.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/testdomain.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/testdomain.com/privkey.pem
Your cert will expire on 2023-11-20. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
Congratulations, you have successfully installed the SSL. Examine your browser’s security indicator after reloading your webpage with the https:// protocol. It should display a lock icon to ensure the website is properly secured.
Leave A Comment?