How to install Let’s Encrypt with Nginx On Ubuntu 16.04
First of all, we need to install Nginx on Ubuntu 16.04 Machine. Please run it as the below just to get the server updated and installed Nginx :
$ sudo apt update && sudo apt upgrade -y $ sudo apt install -y nginx
Now we need to create virtual host config and it’s HTTP-only.
server { listen 80; root /home/solutionclub/public_html/solutionclub.in; index index.php index.html index.htm; server_name solutionclub.in www.solutionclub.in; .........
Now you need to enable this domain(site).
$ sudo ln -s /etc/nginx/sites-available/solutionclub.in.conf /etc/nginx/sites-enabled/solutionclub.in.conf $ sudo systemctl reload nginx
Now we are going to install Certbot on Ubuntu machine.
$ sudo apt-get install software-properties-common $ sudo add-apt-repository ppa:certbot/certbot $ sudo apt-get update $ sudo apt-get install python-certbot-nginx
Now time to install SSL to domain.
$ sudo certbot --nginx -m [email protected] -d solutionclub.in -d www.solutionclub.in
After running the above commands, you will get prompted to accept the licensing terms. If everything is checked,then the client should automatically install the free SSL/TLS certificate and configure the Nginx site for the use of the certs.
Please read carefully the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.2-Fabuary-15-2018.pdf. You must understand that you should agree in order to register with the ACME server at https://acme-v01.api.letsencrypt.org/directory ------------------------------------------------------------------------------- Now confirm email i'd if you like to share (A)gree/(C)ancel: A
Would you be willing to share your email address with the Electronic Frontier Foundation, a founding partner of the Let's Encrypt project and the non-profit organization that develops Certbot? We'd like to send you email about EFF and our work to encrypt the web, protect its users and defend digital rights. ------------------------------------------------------------------------------- (Y)es/(N)o: Y
Now if you would like to redirect HTTP site to HTTPS then press 2
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access. ------------------------------------------------------------------------------- 1: No redirect - Make no further changes to the webserver configuration. 2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for new sites, or if you're confident your site works on HTTPS. You can undo this change by editing your web server's configuration. ------------------------------------------------------------------------------- Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
.
Congratulations! You have successfully enabled https://www.solutionclub.in and https://www.solutionclub.in You should test your configuration at: https://www.ssllabs.com/ssltest/analyze.html?d=solutionclub.in https://www.ssllabs.com/ssltest/analyze.html?d=www.solutionclub.in -------------------------------------------------------------------------------
IMPORTANT NOTES:
– Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/solutionclub.in/fullchain.pem
Your key file has been saved at: /etc/letsencrypt/live/solutionclub.in/privkey.pem Your cert will expire on 2018-02-24. To obtain a new or tweaked version of this certificate in the future, simply run certbot again with the "certonly" option. To non-interactively renew *all* of your certificates, run "certbot renew"
- If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le
Now you successfully install SSL Certificate on your domain. Now check config file of domain.
Now Nginx should be setup with HTTP/2 protocol.
listen 443 ssl http2; # managed by Certbot ssl_certificate /etc/letsencrypt/live/solutionclub.in/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/solutionclub.in/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
Congratulation! You have successfully configured for Nginx to use HTTP/2 protocols.
Enjoy!!!!
Want to setup a process to automatically renew the certificates and add a cron job to execute the renewal process.
$ sudo crontab -e
Now add cron
0 1 * * * /usr/bin/certbot renew & > /dev/null