Day 40: How to setup SSL with NGINX

#90daysofdevops

🚀 Introduction

In this article we are going to learn how to get an SSL certificate using Certbot, which will also help you understand how Certbot works. I will be using Ubuntu for this tutorial (you can use any UNIX-like operating system).


🔸What is Certbot

Certbot is a free, open-source software tool for automatically enabling HTTPS on your website. It simplifies the process of obtaining and installing SSL/TLS certificates from the Let's Encrypt Certificate Authority, which are essential for encrypting web traffic and ensuring secure communication between web servers and clients. Certbot supports various web servers, including Apache and Nginx, and offers plugins to automate the certificate installation process for different configurations and platforms.


🔸What is Let's Encrypt

Let's Encrypt is a free, automated, and open certificate authority (CA) that provides SSL/TLS certificates for enabling HTTPS encryption on websites. It aims to make the process of obtaining and renewing certificates as simple and automated as possible. Let's Encrypt certificates are trusted by most modern web browsers and are valid for 90 days, but they can be easily renewed using automated tools like Certbot. By providing free SSL/TLS certificates, Let's Encrypt has played a significant role in making the web more secure and promoting widespread HTTPS adoption.

The key principles behind Let’s Encrypt are (as stated on their website):

  • Free: Anyone who owns a domain name can use Let’s Encrypt to obtain a trusted certificate at zero cost, valid for 90 days.

  • Automatic: Software running on a web server can interact with Let’s Encrypt to painlessly obtain a certificate, securely configure it for use, and automatically take care of renewal. The best-known such software is Certbot.

  • Secure: Let’s Encrypt will serve as a platform for advancing TLS security best practices, both on the CA side and by helping site operators properly secure their servers.

  • Transparent: All certificates issued or revoked will be publicly recorded and available for anyone to inspect.

  • Open Source: The automatic issuance and renewal protocol will be published as an open standard that others can adopt.

  1. Certbot: Certbot is a software tool developed by the Electronic Frontier Foundation (EFF) that helps automate the process of obtaining, managing, and renewing SSL/TLS certificates. It supports various web servers and platforms and offers plugins for different configurations. Certbot interacts with Let's Encrypt's servers to request and install certificates.

  2. Let's Encrypt: Let's Encrypt is a certificate authority (CA) that issues SSL/TLS certificates for free. It aims to make HTTPS encryption more accessible to website owners by providing automated tools for obtaining and renewing certificates. While Certbot is one of the most popular tools for interacting with Let's Encrypt, Let's Encrypt itself is the organization that issues the certificates.

In summary, Certbot is a software tool used to interact with Let's Encrypt's services and manage SSL/TLS certificates, while Let's Encrypt is the organization that issues the certificates.

OR

Let's Encrypt is a non-profit organization that creates free SSL certificates, and Certbot is an open-source software that manages the SSL certificates provided by Let's Encrypt.


🔸What is TTL

When we update our website, we also update the DNS records. After the update, we set the TTL (Time To Live) value, which determines how long DNS servers should cache the old information. For example, if we set the TTL to 60 seconds or 180 seconds, it means that DNS servers will keep the old information cached for that duration. Once the TTL expires, DNS servers will request new information, allowing users to see the updated website promptly. In short, by using TTL, we can control how quickly users see the updated website.

By setting the TTL (Time To Live) value for DNS records, you can control how long DNS servers cache the information. Once the TTL expires, DNS servers fetch new information, allowing users to access the updated website more quickly.


🔸How to Setup SSL with NGINX

  1. Install nginx

    • sudo apt update

    • sudo apt install nginx

  2. Copy the default configuration to a configuration file for your domain (xyz.com stands for your own domain throughout):

    • sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/xyz.com

  3. Open the new file and write your domain name after the server_name directive:

    • server_name xyz.com www.xyz.com;

  4. Unlink the default configuration file so that you can enable your domain configuration

    • sudo unlink /etc/nginx/sites-enabled/default

  5. Now link your xyz.com configuration into sites-enabled

    • sudo ln -s /etc/nginx/sites-available/xyz.com /etc/nginx/sites-enabled/xyz.com

  6. Now test the nginx configuration

    • sudo nginx -t

  7. Restart the server

    • sudo service nginx restart

  8. Install certbot for Let's Encrypt SSL

    • sudo add-apt-repository ppa:certbot/certbot

    • press Enter

    • sudo apt install python3-certbot-nginx

  9. Now install SSL for your particular domain

    • sudo certbot --nginx -d xyz.com -d www.xyz.com

It will ask for your email ID.

  • Type capital 'A' to Agree

  • Type capital 'Y' to Yes

  10. It will then ask you to select a number; select 2

    • Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 2

(Select 2 to redirect to your https by default)

Note: If you select '1', the request will not be redirected from HTTP to HTTPS
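
To confirm what the steps above left behind, the following added example (not part of the original article and not Certbot's own code) audits an NGINX site file for a TLS listener with certificate directives and for the HTTP-to-HTTPS redirect that option 2 installs. The sample configuration is constructed, modeled on what Certbot typically writes, and the function names `server_blocks` and `audit` are hypothetical.

```python
import re

# Constructed sample of a site file after `certbot --nginx` with option 2
# (redirect); modeled on typical Certbot output, not taken from a real server.
SAMPLE = r"""
server {
    server_name xyz.com www.xyz.com;
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/xyz.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/xyz.com/privkey.pem; # managed by Certbot
}
server {
    if ($host = www.xyz.com) { return 301 https://$host$request_uri; } # managed by Certbot
    if ($host = xyz.com) { return 301 https://$host$request_uri; } # managed by Certbot
    listen 80;
    server_name xyz.com www.xyz.com;
    return 404; # managed by Certbot
}
"""

def server_blocks(conf):
    """Yield each server { ... } body, tracking brace depth for nested blocks."""
    conf = re.sub(r"#[^\n]*", "", conf)  # strip comments (simplification)
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def audit(conf, domain):
    """Return findings for `domain`; an empty list means TLS and redirect are set."""
    findings, has_tls = [], False
    for body in server_blocks(conf):
        names = re.search(r"\bserver_name\s+([^;]+);", body)
        if not names or domain not in names.group(1).split():
            continue
        listens = [l.split() for l in re.findall(r"\blisten\s+([^;\s][^;]*);", body)]
        if any("ssl" in l for l in listens):
            has_tls = True
            for d in ("ssl_certificate", "ssl_certificate_key"):
                if not re.search(rf"\b{d}\s+\S+\s*;", body):
                    findings.append(f"{d} missing in TLS block")
        http = any(re.search(r"(^|:)80$", l[0]) and "ssl" not in l for l in listens)
        if http and not re.search(r"\breturn\s+30[18]\s+https://", body):
            findings.append("port 80 answers without redirecting to HTTPS")
    if not has_tls:
        findings.append(f"no 'listen ... ssl' server block for {domain}")
    return findings
```

Run `audit()` on the contents of /etc/nginx/sites-available/xyz.com; a file produced by choosing option 1 is reported as answering on port 80 without a redirect.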


🔸Requirements:

  • Certbot is meant to be run directly on a web server. You can use your PC for this tutorial

  • Make sure you have Python installed, which makes installation faster

  • It's better to have root privileges


🔸How SSL Certificate Validation Works


Thanks for reading to the end; I hope you gained some knowledge.❤️🙌
