Manage SSL certificates for your websites with Certbot and Nginx
Abstract
Hi everyone. Thank you for tuning in. SSL certificates play a critical role in securing our websites. Nginx is a popular choice as a free and open-source web server. And Certbot is a free and open certification tool from Let’s Encrypt. In this article, we will discuss how to use Certbot with Nginx to obtain and renew SSL certificates for our websites, so that we can allow HTTPS traffic to those sites. I hope the journey will be interesting. So let’s dig in.
Let us discuss the prerequisites first before jumping in. I am assuming that you already have a domain/sub-domain registered that points to the IP address of an up-and-running Ubuntu server. If you don’t, then please follow the previous tutorial to configure and launch an Ubuntu AWS EC2 instance (free for up to 1 year). This EC2 instance will be good enough for a small-scale application or a website like a blog or a portfolio site.
The Nginx server also has to be pre-configured to serve the target websites. Certbot looks for the exact server block for the target website in the Nginx configuration to configure SSL. It looks for the server_name directive that matches the domain name of your target website. If you do not have the Nginx server configured for your site, please check this article to learn how to containerize and serve a website with Docker and Nginx in Ubuntu.
You may also check out the complete tutorial series to get the end-to-end hands-on experience – where we will walk you through all the steps from configuring and launching an AWS EC2 instance – to hosting a containerized website and securing it with an SSL certification.
It is recommended to use the snap package for Certbot installation, as it works well with almost all Linux distributions. Ubuntu 22.04 already includes snap by default. However, it is better to make sure that the snapd core is up to date, so we install or refresh it as needed. Then let’s check whether an older version of certbot is already installed. In that case, we remove it first and then install certbot with snap. Finally, we create a symbolic link from the certbot command in the snap install directory to a directory on the user's path, so that we can run it by just typing certbot.
#-----------Install Snap -----------
sudo snap install core
sudo snap refresh core
#-----------Remove old certbot -----------
sudo apt remove certbot
#-----------Install Certbot -----------
sudo snap install --classic certbot
#create a softlink between snap directory and user-path
sudo ln -s /snap/bin/certbot /usr/bin/certbot
To confirm whether the nginx configuration for the target site is okay or not, we need to check a few things first. If you do not have it configured – please follow this article to learn how to containerize and serve a website with Docker and Nginx in Ubuntu. If you are not sure – please check the following.
We need to check that there is a server block for the website's domain name (in our case: service.analyticalman.com) in the sites-available directory of Nginx. In that configuration file, the server_name directive has to be set to the domain name correctly. The configuration file may also contain other information such as the proxy port. If the configuration file exists and the info is correct, we are good to go. Otherwise, we may create one according to this article. Once everything is checked, we can finally verify the Nginx configuration (sudo nginx -t), which will show a success message. If any error occurs, we may reopen the server block file (service.analyticalman.com) and check for issues like missing characters or typos. Once everything looks okay, we can reload Nginx to apply the corrected configuration.
#-----To check Nginx Configuration----------
# Check if the configuration file for the target site is available and all info is correct
sudo nano /etc/nginx/sites-available/service.analyticalman.com # Replace with your domain-name
# Verify the nginx configuration
sudo nginx -t # Will show a success message if everything is ok
# Reload nginx
sudo systemctl reload nginx
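A scripted version of the server_name check described above, as an added example that is not part of the original article: the hypothetical helper has_server_name scans a server block file for a server_name directive that lists the domain. The sample configuration (including the www name, old.example.com and the proxy port) is constructed for illustration.

```shell
#!/usr/bin/env bash
# has_server_name FILE DOMAIN  (hypothetical helper, not part of Nginx or Certbot)
# Returns 0 if FILE has a server_name directive listing DOMAIN,
# 1 if it does not, 2 if FILE cannot be read.
has_server_name() {
    [ -r "$1" ] || return 2
    awk -v want="$2" '
        {
            sub(/#.*/, "")                      # ignore comments
            for (i = 1; i <= NF; i++) {
                tok = $i
                if (!in_dir) {                  # wait for the directive keyword
                    if (tok == "server_name") in_dir = 1
                    continue
                }
                last = (tok ~ /;$/)             # a trailing ";" ends the directive
                sub(/;$/, "", tok)
                if (tolower(tok) == tolower(want)) found = 1
                if (last) in_dir = 0
            }
        }
        END { exit !found }
    ' "$1"
}

# Constructed sample server block; on a real host, pass
# /etc/nginx/sites-available/<your-domain> instead.
sample_conf="$(mktemp)"
cat > "$sample_conf" <<'EOF'
server {
    listen 80;
    # server_name old.example.com;
    server_name service.analyticalman.com
                www.service.analyticalman.com;
    location / {
        proxy_pass http://127.0.0.1:8080;
    }
}
EOF

for d in service.analyticalman.com old.example.com; do
    if has_server_name "$sample_conf" "$d"; then
        echo "OK: $d has a matching server_name"
    else
        echo "MISSING: no server_name for $d"
    fi
done
```

The helper compares exact names only (case-insensitively); wildcard and regex server names are not evaluated, and commented-out directives are ignored.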