What is SSL Certificate?
Over time, cases of internet related security breaches have been on the rise as hackers continue working round the clock to steal user data for malicious purposes. An SSL certificate is a digital certificate that is installed on website servers primarily for encrypting data sent between the user browser and the server so that only the intended recipient accesses it. This is crucial because, without encryption, information is sent as plain text data and can easily be intercepted by hackers.
For this reason, most e-commerce stores and online money payment platforms such as PayPal encrypt their websites. SSL certificate also allows for authentication and ensures that information is sent to the right server and not a hacker.
Google Likes Secure Sites
SSL certificate helps to rank your site higher in Google. According to Google’s announcement, SSL encrypted sites will rank higher than those without and which are considered unsafe. A secured site is symbolized by a padlock on the URL bar and the URL preceded by https instead of HTTP. If your sites lack secure HTTPS extension, Google indicates the site URL as “Not Secure” and this can negatively impact
your site rankings.
Nginx with Let’s Encrypt SSL Certification on Ubunutu
In this article, we will look at how to secure Nginx with Let’s encrypt SSL on Ubuntu 18.04. Let’s Encrypt is a free and automated SSL provided by Let’s encrypt authority. By 2018, Let’s Encrypt had secured over 150 million websites.
Let’s gets started and see how we can secure Nginx with Let’s encrypt SSL on Ubuntu 18.04.
To get started, ensure you have the following:
- Server instance of Ubuntu server 18.04 with ssh access
- A non-root use with sudo privileges
- A fully Qualified Domain Name (FQDN) with an A record pointed to the server’s IP address
In this example , we are going to use the domain name crazytechgeek.info which is pointed to a VPS with IP address 22.214.171.124.
Step 1. Installing Nginx
The first thing will be to install Nginx web server. But first, update your system by logging in as a non-root user and executing the following command.
$ sudo apt update
Next, install Nginx with the following command.
$ sudo apt install nginx
Once installed, verify that Nginx is running by executing the following command.
$ sudo systemctl status nginx
Great! Now that we have installed our web server, let’s proceed to the next step.
Step 2. Install Certbot
Let us now install Certbot on our server. In this example, we will use the Ubuntu software repository that contains all the updated files. To add the Certbot repository run the following command.
$ sudo add-apt-repository ppa:certbot/certbot
To make the system repositories aware of the changes made, please update the system.
$ sudo apt update
Step 3. install Certbot Nginx package
We are then going to install the Certbot Nginx package. To achieve this run the command below:
$ sudo apt-get install python-certbot-nginx
Step 4. Updating Firewall to allow HTTPS traffic
we need to allow HTTPS traffic through the firewall for SSL to work using port 443. Let’s first check the status of the firewall.
$ sudo ufw status
Before we enable the firewall, let’s first allow “Nginx Full” which will take care of both HTTP and HTTPS.
$ sudo ufw allow 'Nginx Full'
Let us now enable the ufw firewall. Hit ‘y’ when prompted.
$ sudo ufw enable
Let’s verify if the rules were added to the firewall.
$ sudo ufw status
Step 5. Generating SSL certificate
The last part is the generation of the Let’s Encrypt SSL certificate. To achieve this, use the syntax below.
$ sudo certbot --nginx -d example.com -d www.example.com
This will generate the SSL certificate that will be valid for example.com as well as www.example.com.
In our case, we shall have;
$ sudo certbot --nginx -d crazytechgeek.info -d www.crazytechgeek.info
If you are running Certbot for the first time, you will first be prompted to enter an Email address.
Communication will then be initiated with Let’s Encrypt server and try to verify that you control the domain you are asking for a certificate.
Next. Press A to agree to the terms of service.
Next, you will be asked whether you would like your email address to be shared with EFF. Here, you can either decide to opt in or out.
The Next step is where everything matters. This is the point where you will be required to redirect HTTP to HTTPS requests. Select the second option.
If all went well, you will get a message verifying that all went well.
Wonderful! you have successfully installed Let’s encrypt SSL on your Nginx web server.
To verify this, Go to your server’s address in the browser and refresh.
Take note that the URL has changed from HTTP to HTTPS at the beginning. To view more information about the SSL certificate, click on the padlock symbol and select ‘Certificate’ option.
Renew Let’s Encrypt SSL Certificate
Let’s encrypt certificate validity is 90 days. This means renewal is after 3 months. The renewal for automation is automatically done by Let’s encrypt. To test the renewal process, do a dry run with Certbot as shown.
sudo certbot renew --dry-run
If there are no errors then, everything went according to the plan and as needed the auto-renewal of will take place. All messages about CA expiration will be sent to the Email address specified during configuration.