HTTPS with NginX and Let’s Encrypt5 Sep 2017
Why HTTPS Matter?
- HTTPS protects the privacy and security of your users
- Requirement for implementing HTTP/2
- Higher rankings in search engine result
- Negative perception from Chrome users, Chrome will mark website as non-secure for non https
- HTTPS is the future of the web (service worker, getUserMedia, etc)
To implement HTTPS, you will need to perform the following steps: - Obtain and install the necessary security certificate: - Update your webserver configuration to use this certificate
Thanks to Let’s Encrypt we can get free SSL certificate.
So What is Let’s Encrypt?
Let’s Encrypt is a free, automated, and open Certificate Authority
There are few tools to setup SSL with Let’s Encrypt, but here I use the official tool called Certbot.
On Ubuntu systems, you need add Certbot PPA then install python-certbot-nginx package.
$ sudo apt-get update $ sudo apt-get install software-properties-common $ sudo add-apt-repository ppa:certbot/certbot $ sudo apt-get update $ sudo apt-get install python-certbot-nginx
After installing the Cerbot Nginx plugin, you can obtain and install certificate:
$ sudo certbot --nginx
Cerbot will get certificate for you and edit your Nginx configuration automatically to serve it, plus restart your Nginx server.
Since Let’s Encrypt certificate will be valid for 90 days, you need to renew your certificates before they expire. You can arrange for automatic renewal by adding a cron or systemd job which runs the following:
$ sudo crontab -e
Add this line to your cron job:
12 3 * * * certbot --quiet renew