Secure your website using Let's Encrypt free SSL certificate on Ubuntu 14.04

February 14, 2017


So what’s Let’s Encrypt? It’s a certificate authority that allows you to issue SSL certificates for free. Yes, you read it right, FREE! But it’s only free for 90 days, so you need to manually renew it or create a script to automate the renewal, but that’s another tutorial. I assume you have a website that needs to be secured. In this tutorial I’ll show you how to install an SSL certificate on an nginx server.

Step 1 — Prerequisites

Let’s Encrypt requires that your domain and web server are already set up. So first make sure your server is up to date.

$ sudo apt-get update

Install git because we need to download the Let’s Encrypt project to our server. I wasn’t able to download it directly via apt-get even though the internet told me to add the ‘universe’ repo.

$ sudo apt-get install git

Step 2 — Create a certificate

Once git is installed, clone the Let’s Encrypt repo somewhere on your server. Let’s install it to the /opt folder.

$ sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt

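cd into the /opt/letsencrypt directory and install using the standalone flag. The standalone plugin starts its own temporary web server on port 80 or 443, so that port must not be in use while it runs.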

$ ./letsencrypt-auto certonly --standalone

It should walk you through an installation guide and ask for an email address and your domain names, e.g. yourdomain.com www.yourdomain.com. After that, it should generate a certificate.

Step 3 — Configure Nginx

Before anything else, let’s stop the nginx server.

$ sudo service nginx stop

Let’s update the nginx config and, in the server block, remove the settings that point any requests to port 80.

$ sudo vim /etc/nginx/sites-available/default

Let’s add a setting that listens on port 443 for SSL connections and specify the domains.

server {
  listen 443 ssl;
  server_name yourdomain.com www.yourdomain.com;
  .......
}

Specify the paths for your SSL certificate and key.

server {
  ....
  ssl_certificate /etc/letsencrypt/live/yourdomain/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/yourdomain/privkey.pem;
}

Add the required SSL protocols and ciphers. You can see how I got the cipher values at https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html#The_Cipher_Suite

server {
  # TLSv1 and TLSv1.1 have since been deprecated (RFC 8996);
  # drop them from this list if all of your clients support TLSv1.2.
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_prefer_server_ciphers on;
  ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
}

Let’s redirect all requests to HTTPS by default.

server {
  listen 80;
  server_name yourdomain.com www.yourdomain.com;
  return 301 https://$host$request_uri;
}
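
Before restarting, the finished config can be checked for the Step 3 settings. The script below is an added example, not part of the original tutorial: the names lint_nginx_tls and tutorial_conf are hypothetical, and the sample config is constructed from the snippets above.

```shell
#!/bin/sh
# Added example, not from the original post: lint an nginx config read on
# stdin for the Step 3 settings. Prints one WARN line per finding; the exit
# status is the number of findings (0 = clean). Assumes one directive per line.
lint_nginx_tls() (
    n=0
    conf=$(sed 's/#.*//')    # ignore commented-out directives
    has()  { printf '%s\n' "$conf" | grep -Eq "^[[:space:]]*$1"; }
    warn() { echo "WARN: $1"; n=$((n + 1)); }
    has 'listen[[:space:]][^;]*443[^;]*[[:space:]]ssl[[:space:];]' ||
        warn 'no "listen 443 ssl" directive'
    for d in ssl_certificate ssl_certificate_key; do
        has "${d}[[:space:]]" || warn "$d is not set"
    done
    # Everything between "ssl_protocols" and ";" is the enabled protocol list.
    protocols=$(printf '%s\n' "$conf" |
        sed -n 's/^[[:space:]]*ssl_protocols[[:space:]]\{1,\}\([^;]*\);.*/\1/p')
    [ -n "$protocols" ] || warn 'ssl_protocols is not set explicitly'
    weak=""
    for p in $protocols; do
        case "$p" in
            SSLv2|SSLv3|TLSv1|TLSv1.1) weak="$weak $p" ;;   # TLS 1.0/1.1: RFC 8996
        esac
    done
    [ -z "$weak" ] || warn "deprecated protocols enabled:$weak"
    has 'return[[:space:]]+301[[:space:]]+https://' ||
        warn 'no "return 301 https://..." redirect for port 80'
    exit "$n"
)

# Constructed sample: the tutorial's Step 3 snippets merged into one file.
tutorial_conf() {
    cat <<'EOF'
server {
  listen 443 ssl;
  server_name yourdomain.com www.yourdomain.com;
  ssl_certificate /etc/letsencrypt/live/yourdomain/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/yourdomain/privkey.pem;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
server {
  listen 80;
  return 301 https://$host$request_uri;
}
EOF
}

tutorial_conf | lint_nginx_tls || true                      # one finding
tutorial_conf | sed 's/TLSv1 TLSv1.1 //' | lint_nginx_tls   # clean
```

On the server, feed it the real file with lint_nginx_tls < /etc/nginx/sites-available/default, and run sudo nginx -t to let nginx check the syntax itself.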

After all of that, save the configuration and restart nginx.

$ sudo service nginx restart

And that’s it! Your site should now be served over HTTPS. Done!
