Let’s Encrypt is an SSL certificate authority managed by the Internet Security Research Group.
Web server NGINX is a free, open-source, high-performance HTTP server.
You can use HTTPS (an extension of HTTP with SSL / TLS encryption) on your website to secure connection.
Install packages:
apt update
apt install -y \
python-software-properties software-properties-common
add-apt-repository ppa:certbot/certbot
apt update apt install -y \
certbot
Add the location for Let’s Encrypt in server section of your site’s nginx config:
server {
...
# Let's Encrypt
location ^~ /.well-known/acme-challenge/ {
root /path/to/static/;
add_header Cache-Control public;
allow all;
}
...
}
Reload nginx configuration
systemctl reload nginx
Get certifies from Let’s Encrypt
certbot certonly -a webroot \
--webroot-path=/path/to/static/ \
-d DOMAIN_NAME -d www.DOMAIN_NAME
/path/to/static/ is the same directory which we define in nginx config.
Enable https in NGINX config:
server {
listen 443 ssl;
server_name DOMAIN_NAME www.DOMAIN_NAME;
# SSL cert
ssl_certificate /etc/letsencrypt/live/DOMAIN_NAME/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/DOMAIN_NAME/privkey.pem;
# Let's Encrypt location
^~ /.well-known/acme-challenge/ {
root /path/to/static/;
add_header Cache-Control public;
allow all;
}
...
# Here you can place your locations.
}
Reload nginx configuration
systemctl reload nginx