How to Secure Nginx with Let’s Encrypt

This Ubuntu tutorial covers securing Nginx. Let’s Encrypt is a new Certificate Authority (CA) that provides an easy way to obtain and install TLS/SSL certificates for free, making encrypted HTTPS possible on your web server.

In this hosting setup tutorial, we’ll show you how to use Certbot to get a free SSL certificate and use it with Nginx on Ubuntu 14.04 LTS. We will also show you how to renew the SSL certificate automatically.

Step 1 — Install Certbot

The first step in using Let’s Encrypt to get an SSL certificate is to install the Certbot software on your server. We install it from the Certbot repository, which provides a newer version than the one packaged by Ubuntu.

  • First, add the repository:
sudo add-apt-repository ppa:certbot/certbot
  • Update the package list to pick up the new repository information:
sudo apt-get update
  • Now install Certbot:
sudo apt-get install python-certbot-nginx

Step 2 — Setting up Nginx

  • To set the server name, open the default config:
sudo nano /etc/nginx/sites-available/default
  • Find the server_name line and replace localhost with your domain name:
server_name localhost;
  • Save the file and exit the editor, then check the configuration with:
sudo nginx -t
  • If nginx -t reports no errors, reload Nginx to apply the new configuration:
sudo service nginx reload

Step 3 — Obtaining an SSL Certificate

  • Certbot's Nginx plugin will reconfigure Nginx and reload the configuration whenever needed. Run it with:
sudo certbot --nginx -d -d
  • This runs certbot with the --nginx plugin, using -d to specify each name we want the certificate to be valid for. Put your own domain name after each -d.

If this is your first time running certbot, you will be asked to enter your email address and agree to the terms of service. After doing so, certbot will communicate with the Let’s Encrypt server and then run the domain verification.

  • If successful, certbot will ask how HTTPS should be configured:

Please choose whether HTTPS access is required or optional.
1: Easy - Allow both HTTP and HTTPS access to these sites
2: Secure - Make all requests redirect to secure HTTPS access
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):

  • Select your choice, then press ENTER. The configuration will be updated, and Nginx will reload to pick up the new config. Certbot will then report that the process was successful:

- Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/ Your cert will
   expire on 2017-10-23. To obtain a new or tweaked version of this
   certificate in the future, simply run certbot again with the
   "certonly" option. To non-interactively renew *all* of your
   certificates, run "certbot renew"
- Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
- If you like Certbot, please consider supporting our work by:
   Donating to ISRG / Let's Encrypt:
   Donating to EFF:

Step 4 — Update Diffie-Hellman Parameters

  • Create a Diffie-Hellman parameter file using openssl:
sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
  • This will take a while, up to a few minutes. Once done, open the Nginx configuration file containing your server block. In our example, this is the default configuration file:
sudo nano /etc/nginx/sites-available/default
  • Add the ssl_dhparam line inside the server block:
. . .
ssl_dhparam /etc/ssl/certs/dhparam.pem;
  • Save the file and exit the editor, then verify the configuration:
sudo nginx -t
  • If there are no errors, reload Nginx:
sudo service nginx reload
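
To confirm that the edits from Steps 2 to 4 really ended up in the configuration file, a small audit script helps. This is an added example, not part of the original tutorial. The function name audit_nginx_tls and the sample config are made up for illustration, and the redirect check is only a pattern match for the return 301 line that certbot writes when option 2 is chosen.

```shell
#!/bin/sh
# Added example (not from the original tutorial): audit a server-block file
# for the settings configured in Steps 2-4. The function name is hypothetical.
# Prints one finding per line; the return status is the number of findings.
audit_nginx_tls() {
    findings=0
    # Drop comments so that commented-out directives are not counted.
    body=$(sed 's/#.*$//' "$1")
    has()  { printf '%s\n' "$body" | grep -Eq "$1"; }
    flag() { echo "FINDING: $1"; findings=$((findings + 1)); }

    # Step 2: the placeholder server name must have been replaced.
    if has '^[[:space:]]*server_name[[:space:]]+localhost[[:space:]]*;'; then
        flag "server_name is still localhost"
    fi
    # Step 3: certbot points ssl_certificate at /etc/letsencrypt/live/.
    if ! has 'ssl_certificate[[:space:]]+/etc/letsencrypt/live/'; then
        flag "no Let's Encrypt ssl_certificate directive"
    fi
    # Step 3, option 2 (Secure): heuristic match for an HTTP-to-HTTPS redirect.
    if ! has 'return[[:space:]]+301[[:space:]]+https://'; then
        flag "no redirect to HTTPS found"
    fi
    # Step 4: custom Diffie-Hellman parameters must be referenced.
    if ! has '^[[:space:]]*ssl_dhparam[[:space:]]+[^;[:space:]]+[[:space:]]*;'; then
        flag "no active ssl_dhparam directive"
    fi
    return "$findings"
}

# Constructed sample: Step 2 was skipped and ssl_dhparam is commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
server {
    listen 80;
    server_name localhost;
    # ssl_dhparam /etc/ssl/certs/dhparam.pem;
}
EOF
audit_nginx_tls "$sample" || echo "findings: $?"
rm -f "$sample"
```

On a real server, pass /etc/nginx/sites-available/default as the argument. A return status of 0 means none of the four checks fired.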

Step 5 — Setting Up Auto Renew

Let’s Encrypt certificates are only valid for ninety days. The setup below automates the renewal process: a command is run regularly to check for expiring certificates and renew them automatically.

  • To run the renewal check every day, we will use cron, a standard system service for running periodic jobs. We tell cron what to do by opening and editing a file called a crontab:
sudo crontab -e
  • Your text editor will open the default crontab, which is a text file with some help text in it. Copy the line below, paste it at the end of the file, then save and close it:

. . .
15 3 * * * /usr/bin/certbot renew --quiet

The 15 3 * * * part of this line means “execute the following command at 3:15 am, every day”. You can choose any time.

Cron will now run this command daily. All installed certificates will be automatically renewed and reloaded when they are thirty days or less from expiring.

Created by Ipadguides in the Website category