We'll be using a Let's Encrypt SSL certificate to host our website over HTTPS.
Let's Encrypt is a non-profit certificate authority run by Internet Security Research Group that provides X.509 certificates for Transport Layer Security encryption at no charge.
We assume that you already have your website up and running at your Virtual Machine's IP address. If you haven't done so, you can follow this tutorial.
We also assume that you have either the nginx or the Apache web server hosting the website. This tutorial shows the configuration for both servers, and you should follow only the part specific to the web server you're using.
Before we generate the SSL certificate, we need to make sure that the website's DNS holds an A record for the domain. To do so, go to your domain provider or hosting provider, depending on which service you use to create DNS records, then add an A record for the domain you want your website to be hosted at. It can be the root domain such as https://semikolan.co or any subdomain such as https://blog.semikolan.co.
Your DNS record should look something like this:
This is a screenshot in Porkbun which is our DNS provider, the TTL and Priority can vary according to your needs.
We can use these commands to install Certbot:
sudo apt-get install snapd
sudo snap install core
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
Here we've used snapd to install certbot, which is the method recommended by certbot. You can also use pip and other methods available here.
We can now generate our SSL Certificate and automatically change our web server config files using:
sudo certbot --nginx
for nginx or
sudo certbot --apache
for Apache. You can also learn more at the certbot website mentioned above.
Note that you only need to execute one of the above commands, depending on the web server you're using.
This command will generate the certificate for the domain name you've provided in the certbot details.
You will also be prompted to share your contact email address and other minor details. You can also opt out of sharing your email.
You can then also check your SSL certificate using:
cd /etc/letsencrypt/live/semikolan.co
ls
where you'll see files such as cert.pem, chain.pem etc.
You can also make sure that the nginx or apache config files are modified properly using
sudo nano /etc/nginx/sites-enabled/semikolan.co
for nginx. You should see something like
ssl_certificate /etc/letsencrypt/live/semikolan.co/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/semikolan.co/privkey.pem;
or
sudo nano /etc/apache2/sites-enabled/semikolan.co
for apache where you should see something like
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/semikolan.co/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/semikolan.co/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/semikolan.co/chain.pem
You can also configure these details manually.
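As an added example (not part of the original tutorial or of Certbot), the script below checks an nginx site config for the two paths shown above and flags the common mistake of pointing ssl_certificate at cert.pem instead of fullchain.pem. The function names and the sample config are constructed for illustration.

```sh
#!/bin/sh
# Added example: verify the certificate paths in an nginx site config.

# Print every value of a one-argument nginx directive, ignoring comments.
nginx_directive() {   # usage: nginx_directive <name> <conf-file>
    awk -v name="$1" '
        { sub(/#.*/, "") }                         # strip trailing comments
        $1 == name { v = $2; sub(/;$/, "", v); print v }
    ' "$2"
}

# Return 0 if the config uses fullchain.pem and privkey.pem from
# /etc/letsencrypt/live/<domain>/; otherwise print each problem and return 1.
check_nginx_tls_paths() {   # usage: check_nginx_tls_paths <conf-file> <domain>
    live="/etc/letsencrypt/live/$2"; rc=0
    certs=$(nginx_directive ssl_certificate "$1")
    keys=$(nginx_directive ssl_certificate_key "$1")
    [ -n "$certs" ] || { echo "ssl_certificate is missing"; rc=1; }
    [ -n "$keys" ] || { echo "ssl_certificate_key is missing"; rc=1; }
    for c in $certs; do
        case $c in
            "$live/fullchain.pem") ;;
            # cert.pem holds only the leaf certificate, and nginx has no
            # separate chain directive, so the intermediate would be missing.
            "$live/cert.pem") echo "use fullchain.pem, not cert.pem"; rc=1 ;;
            *) echo "unexpected ssl_certificate: $c"; rc=1 ;;
        esac
    done
    for k in $keys; do
        [ "$k" = "$live/privkey.pem" ] || { echo "unexpected ssl_certificate_key: $k"; rc=1; }
    done
    return $rc
}

# Constructed sample config (not a real server's file), written to a temp file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
server {
    listen 443 ssl;
    server_name semikolan.co;
    ssl_certificate /etc/letsencrypt/live/semikolan.co/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/semikolan.co/privkey.pem; # managed by Certbot
}
EOF
check_nginx_tls_paths "$sample" semikolan.co && echo "TLS paths OK"
rm -f "$sample"
```

To check a real site, call check_nginx_tls_paths with the file under /etc/nginx/sites-enabled/ and your domain name.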
You should also restart your server. For nginx use:
sudo systemctl restart nginx
sudo nginx -t
where nginx -t checks the configuration and should report that the syntax is ok and the test is successful.
You can restart apache server using:
sudo service apache2 restart
Now we have everything set up and you should see the site live at your domain, which in my case is https://semikolan.co