Install Let’s Encrypt SSL on Debian 9 with Nginx webserver

Estimated reading time: 2 min

Introduction

In this tutorial, you will learn the procedure of TLS/SSL certificate installation on Nginx web server running on Debian 9 Stretch. Once you are finished, all traffic between the server and client will be encrypted and safe. This is a standard practice of securing e- commerce websites and other financial services online.

Prerequisites

Before you begin working with this guide you’ll need these:

  • SSH with non root but sudo user access to the Debian 9 Stretch VPS
  • The nginx web server with properly a domain and vhost configured

Step 1: Installing Let’sEncrypt certbot

The rst step to using Let’s Encrypt to obtain an SSL certificate is to install the certbot Let’s Encrypt client on your server. To install run this:

sudo apt-get install certbot

Step 2: Create and install the SSL certificates)

Certbot will handle the SSL certificate management quite easily, it will generate a

new certificate for a provided domain as a parameter.

In this case, example.com will be used as the domain for which the certificate will be issued:

sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com

IMPORTANT! The first domain should be your base domain, in this sample it’s example.com

While installing the certificate you will be presented with a step-by-step guide which will let you customize certificate details. You will be able to choose between forcing HTTPS or leaving HTTP as the default protocol, providing an email address will be required as well for security purposes. You may also do this with the auto-installation of the certbot by running:

sudo certbot --authenticator webroot --installer nginx

Step 3: Check the SSL certificate(s) configuration

At above stage your certi cate are created and configured. Now check your domain virtualhost con g le with the ssl is like this or not. If not then put these manually on virtualhosts ssl configuration:

...
listen 443 ssl http2; listen [::]:443 ssl http2;

server_name example.com www.example.com

ssl_certificate /etc/letsencrypt/live/<your-domain>/cert.pem
ssl_certificate_key /etc/letsencrypt/live/<your-domain>/privkey.pem
...

Now need to test as our configuration goes right with this –

sudo nginx -t

Finally, restart Nginx and You can taste that your SSL is working.

sudo systemctl reload nginx

Step 4: Setting up for the auto-renewal

The Certbot packages on your system come with a cron-job that will renew your certificates automatically before they expire. Since Let’s Encrypt certificates last for 90 days, it’s highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

sudo certbot renew --dry-run

Conclusion

Congratulations, you have just secured your Nginx web server by implementing the most anticipated security feature – free SSL certificates! From now on all traffic between your domain webserver and client is secure, you can be assured that no one could intercept the communication and alter or steal crucial information.

Was this article helpful?
Dislike 4
Views: 10460

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *