HTTPS with NginX and Let’s Encrypt
5 Sep 2017
Why HTTPS Matters
- HTTPS protects the privacy and security of your users
- Requirement for implementing HTTP/2
- Higher rankings in search engine results
- Negative perception from Chrome users: Chrome will mark non-HTTPS websites as non-secure
- HTTPS is the future of the web (service worker, getUserMedia, etc)
Implementing HTTPS
To implement HTTPS, you will need to perform the following steps:
- Obtain and install the necessary security certificate
- Update your webserver configuration to use this certificate
Thanks to Let’s Encrypt, we can get a free SSL certificate.
So What is Let’s Encrypt?
Let’s Encrypt is a free, automated, and open Certificate Authority.
There are a few tools to set up SSL with Let’s Encrypt, but here I use the official tool called Certbot.
On Ubuntu systems, you need to add the Certbot PPA, then install the python-certbot-nginx package.
$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-nginx
After installing the Certbot Nginx plugin, you can obtain and install a certificate:
$ sudo certbot --nginx
Certbot will get a certificate for you, edit your Nginx configuration automatically to serve it, and restart your Nginx server.
Automating renewal
Since Let’s Encrypt certificates are valid for 90 days, you need to renew them before they expire. You can arrange for automatic renewal by adding a cron or systemd job that runs the renew command. To use cron, edit the root crontab:
$ sudo crontab -e
Add this line to the crontab:
12 3 * * * certbot --quiet renew
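A silent cron job can fail for weeks without anyone noticing, so it is worth checking the served certificate from outside. The script below is an added example, not part of the original post: it assumes Certbot's default of renewing once fewer than 30 days remain, uses a constructed one-week grace threshold, and takes `example.com` as a placeholder host.

```python
import socket
import ssl
import sys
from datetime import datetime, timezone

LIFETIME_DAYS = 90  # Let's Encrypt certificate lifetime, as stated in the post
RENEW_WINDOW = 30   # assumption: Certbot renews when fewer than 30 days remain
GRACE_DAYS = 7      # constructed threshold: a week of failed nightly cron runs


def days_left(not_after, now=None):
    """Whole days until expiry, given a 'notAfter' string from getpeercert()."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), timezone.utc)
    now = now or datetime.now(timezone.utc)
    return (expires - now).days


def renewal_status(not_after, now=None):
    """Classify a certificate against the renewal schedule."""
    left = days_left(not_after, now)
    if left < 0:
        return "expired"
    if left < RENEW_WINDOW - GRACE_DAYS:
        return "renewal-overdue"  # the cron job has probably been failing
    if left < RENEW_WINDOW:
        return "renewal-due"      # inside the window, next run should renew
    return "ok"


def fetch_not_after(host, port=443, timeout=5.0):
    """Read notAfter from the certificate a live server presents."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]


if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "example.com"  # placeholder
    try:
        not_after = fetch_not_after(host)
    except ssl.SSLCertVerificationError as err:
        # An already expired certificate fails the handshake before we can read it.
        print(f"{host}: certificate rejected: {err.verify_message}")
        sys.exit(2)
    status = renewal_status(not_after)
    print(f"{host}: {days_left(not_after)} days left ({status})")
    sys.exit(0 if status in ("ok", "renewal-due") else 1)
```

Run it from a different machine than the web server, for example from a daily monitoring job, and alert on a non-zero exit code.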