
Configure SSL/TLS with Let's Encrypt and enforce HTTPS on Your Web Application - IT'S FREE

Author: Mumuni Mohammed
Posted: 1 month ago Updated: 1 day ago

Let’s Encrypt is a Certificate Authority (CA) that provides an easy way to obtain and install free TLS/SSL certificates, thereby enabling encrypted HTTPS on web servers. It simplifies the process by providing a software client, Certbot, that attempts to automate most (if not all) of the required steps. Currently, the entire process of obtaining and installing a certificate is fully automated on both Apache and Nginx.

We will use Certbot to obtain a free SSL certificate for Nginx on Ubuntu 20.04 and set up our certificate to renew automatically.

Installing Certbot

Install Certbot and its Nginx plugin with apt:

$ sudo apt install certbot python3-certbot-nginx

Allowing HTTPS Through the Firewall

To additionally let in HTTPS traffic, allow the Nginx Full profile and delete the redundant Nginx HTTP profile allowance:

 $ sudo ufw allow 'Nginx Full'

 $ sudo ufw delete allow 'Nginx HTTP'

Verify the rules by typing:

 $ sudo ufw status

You should see only 'Nginx Full'. 

Obtaining an SSL Certificate

Certbot provides a variety of ways to obtain SSL certificates through plugins. The Nginx plugin will take care of reconfiguring Nginx and reloading the config whenever necessary. To use this plugin, type the following:

 $ sudo certbot --nginx -d example.com -d www.example.com

If this is your first time running certbot, you will be prompted to enter an email address and agree to the terms of service. After doing so, certbot will communicate with the Let’s Encrypt server, then run a challenge to verify that you control the domain you’re requesting a certificate for.

If that’s successful, certbot will ask how you’d like to configure your HTTPS settings.

Output:

 Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 1: No redirect - Make no further changes to the webserver configuration.
 2: Redirect - Make all requests redirect to secure HTTPS access.
 Choose this for new sites, or if you're confident your site works on HTTPS.
 You can undo this change by editing your web server's configuration.
 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 Select the appropriate number [1-2] then [enter] (press 'c' to cancel):

Make your choice and press ENTER. Since the goal here is to enforce HTTPS, option 2 is the better choice: anyone who visits your site over HTTP is automatically redirected to the more secure HTTPS connection. The configuration will be updated, and Nginx will reload to pick up the new settings. Certbot will wrap up with a message telling you the process was successful and where your certificates are stored:

Continuation of the output:

 IMPORTANT NOTES:
  - Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/example.com/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/example.com/privkey.pem
    Your cert will expire on 2020-08-18. To obtain a
    new or tweaked version of this certificate in the future, simply run certbot again with the "certonly"
    option. To non-interactively renew *all* of your certificates, run "certbot renew"
  - If you like
    Certbot, please consider supporting our work by:
    Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
    Donating to EFF: https://eff.org/donate-le
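To confirm that the redirect chosen in option 2 is really in place, you can inspect the headers Nginx returns for a plain-HTTP request. The script below is an added example, not part of the original tutorial or of Certbot: `check_https_redirect` is a hypothetical helper, the sample responses are constructed, and it assumes the redirect is a permanent one (301 or 308) to the same host.

```shell
#!/bin/sh
# Added example: judge, from the response headers of a plain-HTTP request,
# whether the server sends visitors to HTTPS on the same host.
# Real use (needs network):
#   curl -sI http://example.com/ | check_https_redirect example.com

# check_https_redirect HOST   (response headers on stdin)
# Prints a one-line verdict; exit status 0 only when the redirect is in place.
check_https_redirect() {
    awk -v host="$1" '
        { sub(/\r$/, "") }        # HTTP header lines end in CRLF
        NR == 1 { status = $2 }   # status line: "HTTP/1.1 301 Moved Permanently"
        # Header names are case-insensitive; keep the value in its original case.
        match(tolower($0), /^location:[ \t]*/) { loc = substr($0, RLENGTH + 1) }
        END {
            if (status != 301 && status != 308) {
                print "FAIL: status " status " is not a permanent redirect"; exit 1
            }
            prefix = "https://" host
            rest = substr(loc, length(prefix) + 1)
            # Compare the whole host: "https://example.com.other.test/" must not pass.
            if (index(loc, prefix) != 1 || (rest != "" && substr(rest, 1, 1) != "/")) {
                print "FAIL: Location \"" loc "\" is not https://" host; exit 1
            }
            print "OK: " status " -> " loc
        }'
}

# Constructed sample responses (not captured from a real server).
sample_redirected() {
    printf 'HTTP/1.1 301 Moved Permanently\r\nServer: nginx\r\n'
    printf 'Location: https://example.com/\r\n\r\n'
}
sample_plain_http() {
    printf 'HTTP/1.1 200 OK\r\nServer: nginx\r\n\r\n'
}

sample_redirected | check_https_redirect example.com || true
sample_plain_http | check_https_redirect example.com || true
```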

Verifying Certbot Auto-Renewal

Let’s Encrypt’s certificates are only valid for ninety days. This is to encourage users to automate their certificate renewal process. The certbot package we installed takes care of this for us by adding a systemd timer that will run twice a day and automatically renew any certificate that’s within thirty days of expiration.

You can query the status of the timer with systemctl:

 $ sudo systemctl status certbot.timer

 #output

 ● certbot.timer - Run certbot twice daily
      Loaded: loaded (/lib/systemd/system/certbot.timer; enabled; vendor preset: enabled)
      Active: active (waiting) since Mon 2020-05-04 20:04:36 UTC; 2 weeks 1 days ago
     Trigger: Thu 2021-08-21 06:47:33 UTC; 9h left
    Triggers: ● certbot.service

To test the renewal process, you can do a dry run with certbot:

 $ sudo certbot renew --dry-run

If you see no errors, you’re all set. When necessary, Certbot will renew your certificates and reload Nginx to pick up the changes. If the automated renewal process ever fails, Let’s Encrypt will send a message to the email you specified, warning you when your certificate is about to expire.
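Because the timer renews certificates once they are within thirty days of expiration, a certificate that stays well inside that window is a sign that renewal is failing. The script below is an added example, not part of the original tutorial or of Certbot: `renewal_state` is a hypothetical helper, the two-day grace period and the sample expiry time are assumptions, and it relies on GNU `date` as shipped with Ubuntu.

```shell
#!/bin/sh
# Added example: classify a certificate by the time left before it expires,
# using the thirty-day renewal window described above. Needs GNU date.
# Real use:
#   renewal_state "$(openssl x509 -enddate -noout \
#       -in /etc/letsencrypt/live/example.com/fullchain.pem)" "$(date +%s)"

RENEW_WINDOW_DAYS=30   # from the tutorial: renewed within thirty days of expiry
GRACE_DAYS=2           # assumption: slack before an unrenewed cert is alarming

# renewal_state "notAfter=<date>" NOW_EPOCH
# Prints ok | due | overdue | expired | unparseable.
# Exit status: 0 for ok/due, 1 for overdue/expired, 2 for unparseable.
renewal_state() {
    rs_not_after=${1#notAfter=}
    # GNU date reads an empty string as "today", so reject it explicitly.
    [ -n "$rs_not_after" ] || { echo unparseable; return 2; }
    rs_expiry=$(date -u -d "$rs_not_after" +%s 2>/dev/null) \
        || { echo unparseable; return 2; }
    rs_left=$(( rs_expiry - $2 ))   # seconds, so a part-day is not rounded away
    rs_window=$(( RENEW_WINDOW_DAYS * 86400 ))
    rs_grace=$(( GRACE_DAYS * 86400 ))
    if [ "$rs_left" -le 0 ]; then
        echo expired; return 1
    elif [ "$rs_left" -lt $(( rs_window - rs_grace )) ]; then
        echo overdue; return 1      # the timer should have renewed this by now
    elif [ "$rs_left" -lt "$rs_window" ]; then
        echo due                    # inside the window; next timer run renews it
    else
        echo ok
    fi
}

# Constructed sample: the 2020-08-18 expiry from the output above, written in
# the format openssl prints (the time of day is made up).
SAMPLE='notAfter=Aug 18 12:00:00 2020 GMT'
for today in 2020-07-01 2020-07-20 2020-07-25 2020-08-19; do
    now=$(date -u -d "$today 12:00:00" +%s)
    printf '%s: %s\n' "$today" "$(renewal_state "$SAMPLE" "$now" || true)"
done
```

Run from cron or a monitoring agent, a non-zero exit status is the signal to check `certbot.timer` and the output of `certbot renew --dry-run`.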

 

Author
Mumuni Mohammed

I studied electrical and electronic engineering at Ashesi University but decided to self-study computer science and eventually found a career in it. My great passion is bringing healing to people who have been through a stressful experience with learning. I help students to find healthy perceptions of themselves and strengthen their relationships so that they can know themselves and face learning without any fear.

I am currently learning and doing more of DevOps and Ceph.
