To set up SSL for a specific domain on your Nginx server using a free SSL certificate from Let's Encrypt, we can follow these steps:
Step 1: Install Certbot and Nginx Plugin
First, make sure you have Certbot and the Nginx plugin installed. The installation process varies depending on your Linux distribution.
On Ubuntu/Debian:
sudo apt update
sudo apt install certbot python3-certbot-nginx
Step 2: Obtain an SSL Certificate for Your Specific Domain
Run Certbot with the Nginx plugin to obtain and install the certificate for your specific domain.
sudo certbot --nginx -d your_domain.com
Replace your_
domain.com
with your actual domain name. Certbot will prompt you to provide an email address for urgent renewal and security notices, and to agree to the terms of service.
Step 3: Configure Nginx to Use the SSL Certificate
Certbot can automatically configure Nginx for you, but you might need to manually adjust your Nginx configuration if needed. Here’s an example of what your Nginx server block might look like:
server {
listen 80;
server_name your_domain.com www.your_domain.com;
location / {
# Redirect all HTTP requests to HTTPS
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl;
server_name your_domain.com www.your_domain.com;
ssl_certificate /etc/letsencrypt/live/your_domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/your_domain.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/your_domain.com/chain.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
location / {
# Your existing Nginx configuration for handling requests
}
}
Replace your_
domain.com
with your actual domain name.
Step 4: Reload Nginx
After configuring Nginx, reload the service to apply the changes:
sudo systemctl reload nginx
Step 5: Verify SSL Installation
Visit your website using https://your_domain.com
to verify that the SSL certificate is installed correctly and the connection is secure.
Step 6: Set Up Automatic Renewal
Let’s Encrypt certificates are valid for 90 days. Certbot sets up a cron job or systemd timer to handle automatic renewals. To test the automatic renewal process, you can run:
sudo certbot renew --dry-run
If the dry run completes without errors, the automatic renewal is working correctly.
By following these steps, you can set up SSL for a specific domain on your Nginx server using a free certificate from Let's Encrypt.
Thanks for reading.