• Home
  • Archive
  • Tools
  • Contact Us
  • Forum

The Customize Windows

Technology Journal

  • Cloud Computing
  • Computer
  • Digital Photography
  • Windows 7
  • Archive
  • Cloud Computing
  • Virtualization
  • Computer and Internet
  • Digital Photography
  • Android
  • Sysadmin
  • Electronics
  • Big Data
  • Virtualization
  • Downloads
  • Web Development
  • Apple
  • Android
Advertisement
Home » Computer and Internet » Cloud Computing » Free SSL : How to Install Let’s Encrypt on Ubuntu, Nginx

By Abhishek Ghosh May 20, 2016 6:28 pm Updated on May 20, 2016

Free SSL : How to Install Let’s Encrypt on Ubuntu, Nginx

Advertisement

We will use apt based client tool to install the certificate. So, it is just easy. Previously, we have written about Let’s Encrypt Project. Here is Step by Step Commands to Use Free SSL by Let’s Encrypt Project. This is How to Install Let’s Encrypt on Ubuntu, Nginx for WordPress. You’ll get A+ on SSL Lab’s test with this method.

 

Read Before You are Going to Install Let’s Encrypt on Ubuntu, Nginx

 

For those who have an existing SSL certificate, they can use a subdomain to test or use the 301 redirected www subdomain. We are writing for Ubuntu 16.04 LTS, hence we will use apt-get install letsencrypt command to perform the works. There is separate thing – an agent software for Let’s Encrypt. Which is not present in case of paid SSL certificates. There are two modes for configuration. First is standalone, which replaces the web server to respond to ACME (Automatic Certificate Management Environment) challenges. Second is webroot. Where your web server to serve challenges from a known directory. Both of these are for when you do not want the certbot to edit your file. certbot is Let’s Encrypt client software. We are using webroot because it does not need replace Nginx bind to port 80 in order to renew certificates.

In this guide on how to install Let’s Encrypt on Ubuntu, Nginx; we are setting up abhishekghosh.pro to be served from /usr/share/nginx/html and challenges will be served from /usr/share/nginx/html/letsencrypt/. This is the official GitHub repo profile of Let’s Encrypt’s agent :

Vim
1
https://github.com/certbot/certbot

Here is Automatic Certificate Management Environment (ACME) specification :

Vim
1
https://github.com/ietf-wg-acme/acme/

We often give examples with acme.com as domain. What is this acme? Read on acme.com. That ACME is a group since 1970s promoting UNIX freeware.

 

Steps of How to Install Let’s Encrypt on Ubuntu, Nginx

 

Advertisement

---

We are taking it granted that you have installed Nginx. Create a file for SSL configuration named /etc/nginx/snippets/ssl.conf with this content :

/etc/nginx/snippets/ssl.conf
Vim
1
2
3
4
5
6
7
8
9
10
11
12
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_protocols TLSv1.2;
ssl_ciphers EECDH+AESGCM:EECDH+AES;
ssl_ecdh_curve secp384r1;
ssl_prefer_server_ciphers on;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security "max-age=15768000; includeSubdomains; preload";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;

Now create a file named /etc/nginx/snippets/letsencrypt.conf with this content :

/etc/nginx/snippets/letsencrypt.conf
Vim
1
2
3
4
location ^~ /.well-known/acme-challenge/ {
    default_type "text/plain";
    root /usr/share/nginx/html/letsencrypt/;
}

We said that challenges will be served from /usr/share/nginx/html/letsencrypt/ location. That is what will the above stuff will do. We need the directory. Create it :

Vim
1
mkdir -p /usr/share/nginx/html/letsencrypt/.well-known/acme-challenge

Your Nginx virtual host file equivalent is /etc/nginx/sites-enabled/default. Edit it :

/etc/nginx/sites-enabled/default
Vim
1
2
3
4
5
6
7
8
9
10
11
12
13
server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;
    server_name abhishekghosh.pro www.abhishekghosh.pro;
 
    include /etc/nginx/snippets/letsencrypt.conf;
 
    root /usr/share/nginx/html;
    index index.html index.php;
    location / {
        try_files $uri $uri/ =404;
    }
}

The above is for HTTP, not HTTPS. Now install the client :

Vim
1
sudo apt-get install letsencrypt

Copy this command, edit it and run :

Vim
1
letsencrypt certonly --webroot -w /usr/share/nginx/html/letsencrypt/ -d www.abhishekghosh.pro -d abhishekghosh.pro --email me@abhishekghosh.pro --agree-tos

It will save the files in /etc/letsencrypt/live/www.abhishekghosh.pro/. cd to that directory and run :

optional step
Vim
1
2
cd /etc/letsencrypt/live/www.abhishekghosh.pro/
openssl dhparam -out dhparam.pem 4096

Now, this is an example full /etc/nginx/sites-enabled/default configuration with default nginx locations and domain abhishekghosh.pro :

Vim
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;
    server_name abhishekghosh.pro www.abhishekghosh.pro;
    include /etc/nginx/snippets/letsencrypt.conf;
    location / {
        return 301 https://www.abhishekghosh.pro$request_uri;
    }
}
 
server {
    server_name www.abhishekghosh.pro;
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server ipv6only=on;
    ssl_certificate /etc/letsencrypt/live/www.abhishekghosh.pro/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.abhishekghosh.pro/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/www.abhishekghosh.pro/fullchain.pem;
    ssl_dhparam /etc/letsencrypt/live/www.abhishekghosh.pro/dhparam.pem;
    include /etc/nginx/snippets/ssl.conf;
    root /usr/share/nginx/html;
    index index.html;
    location / {
        try_files $uri $uri/ =404;
    }
}
 
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name abhishekghosh.pro;
    ssl_certificate /etc/letsencrypt/live/www.abhishekghosh.pro/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.abhishekghosh.pro/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/www.abhishekghosh.pro/fullchain.pem;
    ssl_dhparam /etc/letsencrypt/live/www.abhishekghosh.pro/dhparam.pem;
    include /etc/nginx/snippets/ssl.conf;
    location / {
        return 301 https://www.abhishekghosh.pro$request_uri;
    }
}

Run nginx config test :

Vim
1
nginx -t

Restart nginx :

Vim
1
service nginx restart

You can renew using the command letsencrypt renew. You can set a cron to run the command every 15 or 30 days.
Of course, you can print this and check mark the steps after doing, in case you are getting confused :

Free SSL - How to Install Let's Encrypt on Ubuntu, Nginx
Tagged With how to get free ssl on nginx , letsencrypt windows nginx
Facebook Twitter Google+ Pinterest

About Abhishek Ghosh

Abhishek Ghosh is a Businessman, Orthopaedic Surgeon, Author and Blogger. You can keep touch with him on Google Plus - Abhishek Ghosh1 and on Twitter - @AbhishekCTRL.

Follow the Author of this article :

13.7K+ Followers 18.7K+ Followers 2.5K+ Followers 1.5K Followers

Here’s what we’ve got for you which might like :

Articles Related to Free SSL : How to Install Let’s Encrypt on Ubuntu, Nginx

  • Cloud Computing and Designing Own Truly Scalable System

    Cloud Computing becomes fully enjoyable if it is arranged to make a scalable system for the application or CMS or any web software including WordPress.

  • How Cloud Computing Challenge The Networks

    How Cloud Computing Challenge Networks with virtually unlimited storage and computing capacity, reduced cost and maximum flexibility and massive data traffic.

  • Cloud Computing and Advent of Mobile Devices as Admin Console

    Cloud Computing and increased usage of mobile devices and available official and unofficial applications has significantly increased the mobility of administration too.

  • Checklist Secure Cloud Computing : The Conclusion

    Checklist Secure Cloud Computing is the continuation and conclusion of previously discussed topic on Privacy issues of Cloud Computing.

  • Serving Fonts from Rackspace Cloud Files CDN

    Serving Fonts from Rackspace Cloud Files CDN will require extra X Header else you can not serve Font-Face and the TTF, EOT, OTF and WOFF Files. Here is how.

Additionally, performing a search on this website can help you. Also, we have YouTube Videos.

Take The Conversation Further ...

We'd love to know your thoughts on this article.
Meet the Author over on Google+ or Twitter to join the conversation right now!

If you want to Advertise on our Article or want Business Partnership, you are invited to Contact us.

Contact Us

Subscribe To Our Free Newsletter

You can subscribe to our Free Once a Day, Regular Newsletter by clicking the subscribe button below.

Click To Subscribe Please Confirm the Subscription When Approval Email Will Arrive in Your Email Inbox as Second Step.

Search this website...

 

 

Popular Articles

All articles of this Website are fully Free to read. Here are some, which possibly you'll like to read! Do not hesitate to contact us for any concern.

Contact Us

Some Good to Read Articles :

  • Cloud Computing Service Models
  • What is Cloud Computing?
  • Cloud Computing and Social Networks in Mobile Space
  • ARM Processor Architecture
  • What Camera Mode to Choose
  • Indispensable MySQL queries for custom fields in WordPress
  • Windows 7 Speech Recognition Scripting Related Tutorials

Recent Posts

  • Arduino : IR Obstacle Detection Sensor For Dimming LED (Stop Event Facing Obstacle) April 24, 2018
  • Approaches of Deep Learning : Part 3 April 24, 2018
  • Regular IR Distance Sensor Vs Sharp IR Distance Sensor (Arduino, Pi) April 24, 2018
  • Fight Increasing Hacking Attempts on Cloud Telephony & VoIP April 23, 2018
  • Arduino IR Obstacle Sensor Buzzer With LED April 23, 2018

About This Article

Title: Free SSL : How to Install Let’s Encrypt on Ubuntu, Nginx
May 20, 2016
Author: Abhishek Ghosh
Subjects: Cloud Computing, Computer and Internet
Is Part Of:

TheCustomizeWindows, May 20, 2016, Vol.1(01),
p.1–39075 [IoT Ready Journal]

Source:The Customize Windows
ISSN: 0019-5847 ;
E-ISSN: 0019-5847 ;
Publisher: jima.in

Cite this article as: Abhishek Ghosh, "Free SSL : How to Install Let’s Encrypt on Ubuntu, Nginx," in The Customize Windows, May 20, 2016, April 24, 2018, https://thecustomizewindows.com/2016/05/free-ssl-how-to-install-lets-encrypt-on-ubuntu-nginx/.
This website uses cookies.

Read Cookie Policy

Contents are copyright protected and reproduction demands our permission.


PC users can consult Corrine Chorney for Security.

Want to know more about us? Read Notability and Mentions & Our Setup.

web analysis

Copyright © 2018 - The Customize Windows | dESIGNed by The Customize Windows

Copyright  · Privacy Policy  · Advertising Policy  · Terms of Service  · Refund Policy