Monday, March 27, 2023

Let’s Encrypt SSL Certificate in Linux Nginx.



Let’s Encrypt is a free and open certificate authority developed by the Internet Security Research Group (ISRG). Certificates issued by Let’s Encrypt are trusted by almost all browsers today.

Prerequisites.

  1. You have a domain name pointing to your public server IP. In this tutorial, we will use nazitech.com.
  2. You have enabled the EPEL repository and installed Nginx.

Step-1 Install Certbot.

To install the certbot package from the EPEL repository, run the commands below.

Before installing certbot, install python and python-pip.

sudo apt-get install python
sudo apt-get install python-pip
sudo apt-get install certbot

Now install the certbot Nginx plugin.

python3.6 -m pip install certbot-nginx
or
apt-get install python-certbot-nginx

You can now run Certbot with the Nginx plugin (the --nginx option) and obtain the SSL certificate files for your domain by issuing:

certbot --nginx -d nazitech.com -d www.nazitech.com

If the SSL certificate is successfully obtained, certbot will print the following message:

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/nazitech.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/nazitech.com/privkey.pem
   Your cert will expire on 2018-06-11. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:
   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF: https://eff.org/donate-le

Now that you have the certificate files, you can edit your Nginx conf file.

/etc/nginx/nginx.conf

server {
    listen 80;
    server_name nazitech.com www.nazitech.com;
}
server {
    listen 443 ssl http2;
    # use the hostnames the certificate was issued for
    server_name nazitech.com www.nazitech.com;
    ssl_certificate /etc/letsencrypt/live/nazitech.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/nazitech.com/privkey.pem;
    # chain.pem sits in the same live/ directory as the two files above
    ssl_trusted_certificate /etc/letsencrypt/live/nazitech.com/chain.pem;
    # this file must already exist, or Nginx will not start
    ssl_dhparam /etc/ssl/certs/dhparam.pem;

    location / {
        proxy_pass http://ywebsite.co.in;
        proxy_http_version 1.1;
    }
}

Don’t forget to add proxy_http_version in the location block.
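
A consistency check for the TLS directives in a server block like the one above, as an added example (not part of the original post). The function names and the sample config are constructed for illustration, and it assumes certbot's default /etc/letsencrypt/live/<name>/ layout, where <name> is one of the certificate's hostnames.

```python
import re
from pathlib import PurePosixPath

LIVE = PurePosixPath("/etc/letsencrypt/live")
# File certbot keeps in each live/<name>/ directory, per Nginx directive.
EXPECTED = {"ssl_certificate": "fullchain.pem",
            "ssl_certificate_key": "privkey.pem",
            "ssl_trusted_certificate": "chain.pem"}

def server_blocks(conf):
    """Yield the body of each server { ... } block, matching nested braces."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def lint_tls(conf):
    """Return findings for every server block that listens with ssl."""
    findings = []
    for body in server_blocks(re.sub(r"#.*", "", conf)):
        d = {}  # directive name -> all arguments seen in this block
        for name, args in re.findall(r"^\s*(\w+)\s+([^;{}]+);", body, re.M):
            d.setdefault(name, []).extend(args.split())
        if "ssl" not in d.get("listen", []):
            continue
        certs = d.get("ssl_certificate", [])
        lineage = PurePosixPath(certs[0]).parent if certs else None
        if lineage is None or lineage.parent != LIVE:
            findings.append("ssl_certificate is not under /etc/letsencrypt/live/<name>/")
            continue
        for directive, fname in EXPECTED.items():
            for path in d.get(directive, []):
                if PurePosixPath(path) != lineage / fname:
                    findings.append(f"{directive} {path}: expected {lineage / fname}")
        # Assumption: the live/ directory name is a hostname on the certificate.
        if lineage.name not in d.get("server_name", []):
            findings.append(f"server_name does not list {lineage.name}")
    return findings

# Constructed sample with two deliberate mistakes (not a real deployment).
SAMPLE = """
server {
    listen 443 ssl http2;
    server_name 172.16.0.36;
    ssl_certificate /etc/letsencrypt/live/nazitech.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/nazitech.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/nazitech.com/chain.pem;
    location / { proxy_pass http://127.0.0.1:8080; proxy_http_version 1.1; }
}
"""
```

Calling lint_tls(SAMPLE) reports the chain path outside live/ and the server_name that does not cover the certificate's hostname; a syntax test alone does not flag the second.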

Restart Nginx service and check.

sudo systemctl restart nginx

Thanks..!!
