post-image

Setup Certbot on Your Server and Install a SSL Certificate with AutoRenewal

I am going to show you how to setup certbot on your server, and install a free SSL certificate using it for your domain. We will also make sure that all requests are redirected to the HTTPS version of your site, with www. Also to note that I am running Ubuntu 16.04, and have nginx setup as my web server.

My nginx default configuration (/etc/sites-available/default) looks like this:

server {
    server_name example.com.au;
    return 301 https://www.example.com.au$request_uri;
}

server {
    server_name www.example.com.au;
    location / {
         proxy_set_header   X-Real-IP  $remote_addr;
         proxy_set_header   Host       $http_host;
         proxy_pass         http://127.0.0.1:3000;
     }
}

There are a few pre-requisites to make sure of before your proceed with installing the certificate, so that things go smoothly:

  • Make sure /etc/nginx/sites-available is named default. If you have created a custom configuration with a changed filename then certbot will have a difficult time finding the file and writing to it.
  • Make sure that you have configured the redirect from non-www to www within nginx (otherwise certbot cannot write to both server_names).
  • Make sure that your domains DNS points to your server, otherwise certbot cannot verify ownership of the domain name.
  • After any edits to your nginx configuration, make sure to reload nginx by running sudo service nginx restart.

Ok so with the pre-requisites out of the way we are going to setup certbot and install a SSL certificate, run the following commands in your terminal:

This will add the certbot repository

sudo add-apt-repository ppa:certbot/certbot

This will update the repository

sudo apt-get update

This will install the certbot package for nginx

sudo apt-get install python-certbot-nginx

Setup the SSL certificate for your domain (replacing example.com with your actual domain)

sudo certbot --nginx -d example.com -d www.example.com

Run through the setup and choose option 2 when it asks if you would like certbot to edit your nginx /etc/sites-available/default configuration and setup redirects correctly.

The certbot package installed will check twice a day if the certificate needs to be renewed, and it will renew the certificate automatically when needed.

author
Jeremy Stocker
Passionate about web development and working with the latest technologies including React, Node, AWS & WordPress.
Address

45 St Georges Terrace
Perth, AU 6000

View on Google Map
Contact

Give me a call on

0498 127 791

Or reach me by email

jeremy@krucial.com.au

© 2018 Krucial Australia.