Prerequisites
1. first your nginx server must be publicly accessible via a public ip. If not you will get an authentication error when creating the certificate via lets-encrypt.
Install nginx and check accessibility from publicly internet.
2. CN(certificate name or your domain name) must be correctly redirect to your publicly accessible nginx server.
Create an A record from your cloud console( if you are using any )
Step 1
First install required repositories to download cert-bot
xxxxxxxxxxxxxxxxx$ sudo add-apt-repository ppa:certbot/certbot
This is the PPA for packages prepared by Debian Let’s Encrypt Team and backported for Ubuntu(s).
Press [ENTER] to continue or ctrl-c to cancel adding it
— -
gpg: no valid OpenPGP data found.
Below are some errors I faced,
Error,
xxxxxxxxxxxxxxxxx$ sudo add-apt-repository ppa:certbot/certbot
sudo: add-apt-repository: command not found
Solution,
xxxxxxxxxxxxxxxxx$ sudo apt-get install software-properties-common
Reading package lists… Done
Building dependency tree
Reading state information… Done
The following additional packages will be installed:
…
xxxxxxxxxxxxxxxxx$ sudo apt-get update
…
Reading package lists… Done
Error,
xxxxxxxxxxxxxxxxx$ sudo add-apt-repository ppa:certbot/certbot
…
gpg: keyserver receive failed: No dirmngr
Solution,
xxxxxxxxxxxxxxxxx$ sudo apt-get install dirmngr
Reading package lists… Done
Building dependency tree
…
Steps 2
Install cert-bot packages
xxxxxxxxxxxxxxxxx$ sudo apt-get install python-certbot-nginx
Reading package lists… Done
Building dependency tree
Reading state information… Done
…
Step 3
lets assume that our ssl certificate domain name is mysampledomain.com . Please note that you must register your domain before continue with lets-encrypt.
go to /etc/nginx/sites-available folder and create a file named mysampledomain.com
add below content to the file,
server {
listen 443 ssl;
server_name mysampledomain.com;
…
<remaining code here>
}
save the file.
Step 4
test the configuration,
xxxxxxxxxxxxxxxxx$ sudo nginx -t
Restart nginx service if test is pass.
xxxxxxxxxxxxxxxxx$ sudo systemctl restart nginx
xxxxxxxxxxxxxxxxx$ sudo systemctl status nginx
● nginx.service — A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: active (running) since Mon
Step 5
now you can create lets-encrypt certificate using certbot command,
xxxxxxxxxxxxxxxxx$ sudo certbot — nginx -d mysampledomain.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Enter email address (used for urgent renewal and security notices) (Enter ‘c’ to
cancel):
- — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — -
Please read the Terms of Service at
(A)gree/©ancel: A
- — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — -
Would you be willing to share your email address with the Electronic Frontier
- — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — -
(Y)es/(N)o: N
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — -
Select the appropriate number [1–2] then [enter] (press ‘c’ to cancel): 2
Congratulations! You have successfully enabled
its done now. Check in etc sites-enabled/default file for ssl 443 configuration created by lets-encrypt cert-bot . You can write you own rules for load balancing using that part.