Sep 07, 2018 Step 2 — Configuring Nginx to Use SSL. We have created our key and certificate files under the /etc/ssl directory. Now we just need to modify our Nginx configuration to take advantage of these. We will make a few adjustments to our configuration. We will create a configuration snippet containing our SSL key and certificate file locations. How to create SSL Certificate on Nginx for CentOS 6. SSL (Secure Sockets Layer) is a method to encrypt the site’s information through the HTTPS protocol. The certificate can also show the virtual private server's identification information to site visitors. Certificate authorities can issue SSL certificates that verify the server's.
Introduction: Let’s Encrypt is an SSL certificate authority. One can get a free SSL/TLS certificate with it. The Let’s Encrypt root, ISRG Root X1, is directly adopted by Microsoft, Google, Apple, Mozilla, Oracle, Blackberry and other vendors. This page shows how to secure Nginx with Let’s Encrypt on Ubuntu 18.04 and use DNS to validate your domain to obtain an SSL/TLS certificate.
Secure Nginx with Let’s Encrypt on Ubuntu 18.04 with DNS Validation
The procedure to install Let’s Encrypt to create SSL certificates is as follows:
Let us see all the steps in detail.
Step 1. Install acme.sh client
Naturally, the first step is to install the acme.sh software to get an SSL certificate. Install the required software using the apt command or apt-get command:
$ sudo apt-get install git bc wget curl
Clone the repo:
$ cd /tmp/
Install acme.sh client
$ cd acme.sh/
After install, you must close the current terminal and reopen it to make the alias take effect. Or simply type the source command:
$ sudo -i
Step 2. Configure Nginx server for SSL/TLS
Use the mkdir command to create a directory to store the certificate for our domain named cms.cyberciti.biz:
# mkdir -pv /etc/nginx/ssl/letsencrypt/cms.cyberciti.biz/
Generate dhparams.pem file
You are going to use a strong Diffie-Hellman (DH) group, regardless of the server software. Run the openssl command to speed up dhparams generation on Ubuntu 18.04 LTS:
# cd /etc/nginx/ssl/letsencrypt/cms.cyberciti.biz/
Configure TLS/SSL on Nginx web Server
Update a file named http.cms.cyberciti.biz.conf using a text editor such as the nano command or vim command for both port 80 and 443:
# nano /etc/nginx/sites-available/https.cms.cyberciti.biz.conf
OR
# vim /etc/nginx/sites-available/https.cms.cyberciti.biz.conf
Append the following config:
Step 3. Issue and create an SSL Certificate on Ubuntu for Nginx using DNS method
The DNS method allows you to issue an SSL/TLS certificate when you have multiple web servers running behind a load balancer. You need to use the API provided by your DNS service provider to use the DNS validation method with Let’s Encrypt. Here is a list of supported DNS providers:
Cloudflare DNS example
For demonstration purposes, I am going to use Cloudflare DNS. First, get your Cloudflare API keys by visiting this page. Type the following commands:
Let’s issue a cert for domain cms.cyberciti.biz
The syntax is:
# acme.sh --issue --dns dns_cf -d www.example.com
Install the issued certificate to Nginx web server
It is time to install the certificate and reload the nginx server:
# acme.sh --installcert -d cms.cyberciti.biz
Test it
Open Nginx server TCP port 443, if not already open, using the ufw command based firewall:
$ sudo ufw allow https comment 'Open all to access Nginx port 443'
Fire up a web browser and type the url: https://cms.cyberciti.biz/
Or visit SSL Labs to test your TLS/SSL config:
How do I renew a certificate?
# acme.sh --renew -d cms.cyberciti.biz
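A check you can run after --installcert and after each renewal, as an added example that is not part of the original tutorial: it confirms that the certificate and private key belong together, that the key is not readable by group or others, and that the certificate is not close to expiry. The function name, return codes and the .cer/.key file names in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the original tutorial): verify an installed cert/key pair.
# Return codes: 0 ok, 1 key mismatch, 2 expiring soon, 3 loose key perms, 4 unreadable.

check_tls_pair() {
    cert=$1; key=$2; min_days=${3:-20}

    # Extract the public key from each file; a parse failure means a bad path or file.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) \
        || { echo "cannot read certificate: $cert"; return 4; }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) \
        || { echo "cannot read key: $key"; return 4; }

    # Nginx refuses to start when ssl_certificate and ssl_certificate_key disagree.
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "certificate and private key do not match"; return 1
    fi

    # The private key should not be readable by group or others.
    if [ -n "$(find "$key" -prune \( -perm -040 -o -perm -004 \))" ]; then
        echo "private key is group- or world-readable: $key"; return 3
    fi

    # -checkend exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null; then
        echo "certificate expires within $min_days days; check the acme.sh cron job"
        return 2
    fi

    echo "ok: $(openssl x509 -in "$cert" -noout -enddate)"
}

# Assumed file names under the directory created in Step 2; adjust to your install:
# check_tls_pair /etc/nginx/ssl/letsencrypt/cms.cyberciti.biz/cms.cyberciti.biz.cer \
#                /etc/nginx/ssl/letsencrypt/cms.cyberciti.biz/cms.cyberciti.biz.key 20
if [ "$#" -ge 2 ]; then check_tls_pair "$@"; fi
```

Let's Encrypt certificates are valid for 90 days, so a result of 2 with a threshold of 20 days means automatic renewal has not been succeeding.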
A note about cron job
A cron job will also try to renew the certificate for you. This is installed by default as follows (no action required on your part):
How do I upgrade acme.sh client?
# acme.sh --upgrade
Conclusion
There you have it: you just secured Nginx with Let’s Encrypt on Ubuntu 18.04 with DNS validation. You installed a free Let’s Encrypt SSL/TLS certificate. You learned how to install the acme.sh client, issue SSL certificates for a given domain name, and configure Nginx. For more info see acme.sh client project page here.