{"id":892,"date":"2021-02-15T04:56:54","date_gmt":"2021-02-15T04:56:54","guid":{"rendered":"https:\/\/www.velaninfo.com\/rs\/?post_type=techtips&p=892"},"modified":"2021-02-16T12:56:40","modified_gmt":"2021-02-16T12:56:40","slug":"how-to-secure-nginx-with-lets-encrypt-on-ubuntu","status":"publish","type":"techtips","link":"https:\/\/www.velaninfo.com\/rs\/techtips\/how-to-secure-nginx-with-lets-encrypt-on-ubuntu\/","title":{"rendered":"How to Secure Nginx with Let’s Encrypt on Ubuntu?"},"content":{"rendered":"

How to Secure Nginx with Let’s Encrypt on Ubuntu?<\/strong><\/p>\n

Let\u2019s Encrypt is a Certificate Authority (CA) that provides a free TLS\/SSL certificates, thereby enabling encrypted HTTPS on web servers. The process of obtaining and installing a certificate is fully automated on both Apache and Nginx.<\/p>\n

The following steps describe how to configure Let\u2019s Encrypt SSL for Nginx<\/p>\n

We need to ensure proper DNS records are setup for the server so that automatic installation can obtain the SSL. An A record with\u00a0velaninfo.com\u00a0& www.velaninfo.com<\/a> pointed to our server\u2019s public IP address.<\/p>\n

Install the Certbot software on the server to use Let\u2019s Encrypt to obtain the SSL certificate<\/p>\n

The next step is to add the repo using the following command<\/p>\n

$ sudo add-apt-repository ppa:certbot\/certbot<\/em><\/p>\n

Install Certbot\u2019sNginx package<\/p>\n

$ sudo apt install python-certbot-nginx<\/em><\/p>\n

The next step is to confirm Nginx is properly configured so that the SSL is installed automatically.<\/p>\n

$ sudonano \/etc\/nginx\/sites-available\/velaninfo.com<\/em><\/p>\n

server_name velaninfo.com.com www.velaninfo.com<\/a>;<\/p>\n

If the above entry exist, exit your editor and move on to the next step.<\/p>\n

Verify the syntax of your configuration edits:<\/p>\n

$ sudonginx \u2013t<\/em><\/p>\n

Reopen the server block file and check for any typos or missing characters if you see an error. Reload Nginx to load the new configuration<\/p>\n

$ sudosystemctl reload nginx<\/em><\/p>\n

Certbot can now find the correct\u00a0server\u00a0block and update it.<\/p>\n

If you have ufw enabled in your server please follow below steps to allow https request from external network.<\/p>\n

$ sudoufw status<\/em><\/p>\n

Output<\/em><\/strong><\/p>\n

Status: active<\/em><\/p>\n

To\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Action\u00a0\u00a0\u00a0\u00a0\u00a0 From<\/em><\/p>\n

—\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ——\u00a0\u00a0\u00a0\u00a0\u00a0 —-<\/em><\/p>\n

OpenSSH\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ALLOW\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Anywhere<\/em><\/p>\n

Nginx HTTP\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ALLOW\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Anywhere <\/em><\/p>\n

OpenSSH (v6)\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ALLOW Anywhere (v6) <\/em><\/p>\n

Nginx HTTP (v6)\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ALLOW\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Anywhere (v6)<\/em><\/p>\n

Please execute below commands to allow Nginx https traffic through ufw.<\/p>\n

$ sudoufw allow ‘Nginx Full’<\/em><\/p>\n

$ sudoufw delete allow ‘Nginx HTTP’<\/em><\/p>\n

The Nginx plugin will take care of reconfiguring Nginx and reloading the configuration whenever necessary. To use this plugin, type the following:<\/p>\n

$ sudocertbot –nginx -d velaninfo.com -d <\/em>www.velaninfo.com<\/em><\/a><\/p>\n

Output<\/em><\/strong><\/p>\n

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.<\/em><\/p>\n

——————————————————————————-<\/em><\/p>\n

1: No redirect – Make no further changes to the webserver configuration.<\/em><\/p>\n

2: Redirect – Make all requests redirect to secure HTTPS access. Choose this for<\/em>new sites, or if you’re confident your site works on HTTPS. You can undo this<\/em>change by editing your web server’s configuration.<\/em><\/p>\n

\n

Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel):<\/em><\/p>\n

Select enter<\/em><\/p>\n

Output<\/strong><\/p>\n

IMPORTANT NOTES:<\/em><\/p>\n

– Congratulations! Your certificate and chain have been saved at:<\/em>\u00a0\u00a0 \/etc\/letsencrypt\/live\/velaninfo.com\/fullchain.pem<\/em><\/p>\n

Your key file has been saved at:<\/em><\/p>\n

\/etc\/letsencrypt\/live\/velaninfo.com\/privkey.pem<\/em><\/p>\n

Your cert will expire on 2018-07-23. To obtain a new or tweaked<\/em>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/em><\/p>\n

version of this certificate in the future, simply run certbot again<\/em><\/p>\n

with the “certonly” option. To non-interactively renew *all* of<\/em><\/p>\n

your certificates, run “certbot renew”<\/em><\/p>\n

– Your account credentials have been saved in your Certbot<\/em><\/p>\n

configuration directory at \/etc\/letsencrypt. You should make a<\/em><\/p>\n

secure backup of this folder now. <\/em><\/p>\n

This configuration directory will<\/em><\/p>\n

also contain certificates and private keys obtained by Certbot so<\/em><\/p>\n

making regular backups of this folder is ideal.<\/em><\/p>\n

– If you like Certbot, please consider supporting our work by:<\/em><\/p>\n

Donating to ISRG \/ Let’s Encrypt:\u00a0\u00a0 https:\/\/letsencrypt.org\/donate<\/em><\/p>\n

The\u00a0Certbot\u00a0package we installed takes care of this for us by adding a renew script to\u00a0\/etc\/cron.d. This script runs twice a day and will automatically renew any certificate that\u2019s within thirty days of expiration. The SSL certificate is valid for 90 days.<\/p>\n

you can do a dry run with\u00a0Certbot to test the renewal process<\/p>\n

$ sudocertbot renew –dry-run<\/em><\/p>\n

If you see no errors, you\u2019re all set.<\/p>\n

At Velan<\/strong>, our server support engineers can help you securing Nginx with Let\u2019s Encrypt SSL. We troubleshoot problems like these for our clients every day.\u00a0If you are interested in our service, please fill the Quick connect<\/strong><\/a> form to get in touch with us<\/p>\n","protected":false},"excerpt":{"rendered":"

How to Secure Nginx with Let’s Encrypt on Ubuntu? Let\u2019s Encrypt is a Certificate Authority (CA) that provides a free TLS\/SSL certificates, thereby enabling encrypted HTTPS on web servers. The process of obtaining and installing a certificate is fully automated on both Apache and Nginx. The following steps describe how to configure Let\u2019s Encrypt SSL… Continue Reading \"Continue<\/a><\/p>\n","protected":false},"author":9,"featured_media":0,"comment_status":"open","ping_status":"closed","template":"","meta":{"footnotes":""},"tags":[],"class_list":["post-892","techtips","type-techtips","status-publish","hentry","Categories_tech_tip-security"],"yoast_head":"\nHow to Secure Nginx with Let's Encrypt on Ubuntu | Velan<\/title>\n<meta name=\"description\" content=\"Steps to Secure Nginx with Let's Encrypt on Ubuntu\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.velaninfo.com\/rs\/techtips\/how-to-secure-nginx-with-lets-encrypt-on-ubuntu\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to Secure Nginx with Let's Encrypt on Ubuntu?\" \/>\n<meta property=\"og:description\" content=\"Steps to Secure Nginx with Let's Encrypt on Ubuntu\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.velaninfo.com\/rs\/techtips\/how-to-secure-nginx-with-lets-encrypt-on-ubuntu\/\" \/>\n<meta property=\"og:site_name\" content=\"Velan\" \/>\n<meta property=\"article:modified_time\" content=\"2021-02-16T12:56:40+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.velaninfo.com\\\/rs\\\/techtips\\\/how-to-secure-nginx-with-lets-encrypt-on-ubuntu\\\/\",\"url\":\"https:\\\/\\\/www.velaninfo.com\\\/rs\\\/techtips\\\/how-to-secure-nginx-with-lets-encrypt-on-ubuntu\\\/\",\"name\":\"How to Secure Nginx with Let's Encrypt on Ubuntu | Velan\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.velaninfo.com\\\/rs\\\/#website\"},\"datePublished\":\"2021-02-15T04:56:54+00:00\",\"dateModified\":\"2021-02-16T12:56:40+00:00\",\"description\":\"Steps to Secure Nginx with Let's Encrypt on Ubuntu\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.velaninfo.com\\\/rs\\\/techtips\\\/how-to-secure-nginx-with-lets-encrypt-on-ubuntu\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.velaninfo.com\\\/rs\\\/techtips\\\/how-to-secure-nginx-with-lets-encrypt-on-ubuntu\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.velaninfo.com\\\/rs\\\/techtips\\\/how-to-secure-nginx-with-lets-encrypt-on-ubuntu\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.velaninfo.com\\\/rs\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Tech Tips\",\"item\":\"https:\\\/\\\/www.velaninfo.com\\\/rs\\\/techtips\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"How to Secure Nginx with Let’s Encrypt on Ubuntu?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.velaninfo.com\\\/rs\\\/#website\",\"url\":\"https:\\\/\\\/www.velaninfo.com\\\/rs\\\/\",\"name\":\"Velan\",\"description\":\"Velaninfo Services India Pvt Ltd\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.velaninfo.com\\\/rs\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"How to Secure Nginx with Let's Encrypt on Ubuntu | Velan","description":"Steps to Secure Nginx with Let's Encrypt on Ubuntu","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.velaninfo.com\/rs\/techtips\/how-to-secure-nginx-with-lets-encrypt-on-ubuntu\/","og_locale":"en_US","og_type":"article","og_title":"How to Secure Nginx with Let's Encrypt on Ubuntu?","og_description":"Steps to Secure Nginx with Let's Encrypt on Ubuntu","og_url":"https:\/\/www.velaninfo.com\/rs\/techtips\/how-to-secure-nginx-with-lets-encrypt-on-ubuntu\/","og_site_name":"Velan","article_modified_time":"2021-02-16T12:56:40+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.velaninfo.com\/rs\/techtips\/how-to-secure-nginx-with-lets-encrypt-on-ubuntu\/","url":"https:\/\/www.velaninfo.com\/rs\/techtips\/how-to-secure-nginx-with-lets-encrypt-on-ubuntu\/","name":"How to Secure Nginx with Let's Encrypt on Ubuntu | Velan","isPartOf":{"@id":"https:\/\/www.velaninfo.com\/rs\/#website"},"datePublished":"2021-02-15T04:56:54+00:00","dateModified":"2021-02-16T12:56:40+00:00","description":"Steps to Secure Nginx with Let's Encrypt on Ubuntu","breadcrumb":{"@id":"https:\/\/www.velaninfo.com\/rs\/techtips\/how-to-secure-nginx-with-lets-encrypt-on-ubuntu\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.velaninfo.com\/rs\/techtips\/how-to-secure-nginx-with-lets-encrypt-on-ubuntu\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.velaninfo.com\/rs\/techtips\/how-to-secure-nginx-with-lets-encrypt-on-ubuntu\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.velaninfo.com\/rs\/"},{"@type":"ListItem","position":2,"name":"Tech Tips","item":"https:\/\/www.velaninfo.com\/rs\/techtips\/"},{"@type":"ListItem","position":3,"name":"How to Secure Nginx with Let’s Encrypt on Ubuntu?"}]},{"@type":"WebSite","@id":"https:\/\/www.velaninfo.com\/rs\/#website","url":"https:\/\/www.velaninfo.com\/rs\/","name":"Velan","description":"Velaninfo Services India Pvt Ltd","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.velaninfo.com\/rs\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"}]}},"_links":{"self":[{"href":"https:\/\/www.velaninfo.com\/rs\/wp-json\/wp\/v2\/techtips\/892","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.velaninfo.com\/rs\/wp-json\/wp\/v2\/techtips"}],"about":[{"href":"https:\/\/www.velaninfo.com\/rs\/wp-json\/wp\/v2\/types\/techtips"}],"author":[{"embeddable":true,"href":"https:\/\/www.velaninfo.com\/rs\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/www.velaninfo.com\/rs\/wp-json\/wp\/v2\/comments?post=892"}],"version-history":[{"count":3,"href":"https:\/\/www.velaninfo.com\/rs\/wp-json\/wp\/v2\/techtips\/892\/revisions"}],"predecessor-version":[{"id":906,"href":"https:\/\/www.velaninfo.com\/rs\/wp-json\/wp\/v2\/techtips\/892\/revisions\/906"}],"wp:attachment":[{"href":"https:\/\/www.velaninfo.com\/rs\/wp-json\/wp\/v2\/media?parent=892"}],"wp:term":[{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.velaninfo.com\/rs\/wp-json\/wp\/v2\/tags?post=892"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

Donating to EFF:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/em>https:\/\/eff.org\/donate-le<\/em><\/a><\/p>\n