Nowadays to protect your website, you need to buy some type of protection or security service. Most websites use an SSL / TLS Certificate to protect sensitive data from possible threats. What is an SSL certificate?
Basically, an SSL is a tool that you can bind to your website and it will make it safe for your visitors to access it. An SSL certificate will encrypt your visitor’s data to make it safe for anyone to use the site.
Here’s an example, so you can understand the process easier: Let’s say you have an online store set up and you’re selling something (it doesn’t matter what).
A visitor decides to purchase a product from your store. To do so, he must pay for it first (most of the time). This is done by entering his/her credit card information in a request form on your checkout page.
But what happens once the data is entered and sent to process the payment? If you don’t have a security feature installed (SSL / TLS), the credit card data could be intercepted by an unwanted person.
Simply put, someone could hack your buyer’s card data and use it as his own. I don’t have to tell you how bad that could turn out.
An SSL certificate makes sure that such things will never happen. The SSL will encrypt your visitor’s sensitive data, in this case his credit card information.
The only ones who can access this info are your store’s website and the destination server (payment processor). There’s no intermediary who can access this data, due to the encryption.
If you have an SSL installed on your website, no matter what type of website that is, the people visiting it will feel much safer using it. They can easily know if you have this certificate installed or not. How?
From the address bar. Any site that has an SSL certificate shows HTTPS at the start of its URL. Other sites only have HTTP, without the letter S. Besides, using an SSL will do a lot of good for your site’s traffic as well.
If your visitors can clearly see that you care about their security while on the site, they will come back more often. Even search engines like Google will rank your website higher in the search results, because of the SSL certificate.
Would you believe me if I told you that securing a website can be done without any cost? If your answer is no, then let me tell you that it’s totally possible.
Yes, without paying a dime. In this article you’ll find out how to protect your website efficiently for free. We’ll cover a popular SSL provider called Let’s Encrypt. You’ll also see how it is used with the NGINX web server.
What is Let’s Encrypt
But first, let’s see what Let’s Encrypt is. It is a free to use (open-source) service that gives you the ability to have an SSL on your website for free. The basic goal of this service is to give any site owner the possibility to have a secure website for free. That’s right, for free.
What are some of the perks with using this service? For instance, everything is done automatically. The installation and renewal can all be completed automatically, without the need for too much technical knowledge. This is good news for many users.
Something else that comes with almost any open-source platform is a community. Let’s Encrypt also has a large community behind it that can help you out, if you stumble upon problems when first using the service.
But if the community has no answer for the issue, the documentation is still there to help. Let’s Encrypt comes with a detailed documentation covering everything from installation to the smallest detail about this tool. Of course, this is most useful if you’re used to doing things on your own.
You may be wondering, if this service is reliable and safe enough, since it’s free to use. Put simply: yes, it is. There’s a reason why so many companies consider Let’s Encrypt a competitor in this field.
They use 2048-bit keys, but you can go for 4096-bit keys too. This is a highly secure configuration for an SSL. If you do everything as suggested in the documentation, your site should be safe from all threats.
What is NGINX
But let’s talk about NGINX now, and how it’s used with Let’s Encrypt. If you want to set up your own web server, then NGINX could be a good choice for you. Just like Let’s Encrypt, NGINX is also open-source software, but this one is used to create your own web server from home.
It is used by more than 400 million websites all around the globe and it powers more than 60% of the world’s top 10,000 websites. These numbers should give you a good idea about the software’s capabilities.
Most people use NGINX as a way to test their web applications. These are uploaded to the server and tested in a real-life environment. To be sure everything works fine and safely, you need to install an SSL certificate on NGINX. This is where Let’s Encrypt comes into the picture.
Using Let’s Encrypt and NGINX together
Now let’s move on and see how you can use these 2 tools together. If you have your own web server set up, installing an SSL using Let’s Encrypt isn’t as hard as you might think. I’ll walk you through the process here.
First of all, you need to install NGINX on your domain. So, yes you should own a domain name first. Once you have that in place, just install NGINX from the official website.
They have 2 variants available: one is the simple NGINX server, the other one is called NGINX Plus. The difference is that NGINX Plus comes with more features out of the box than the simple version. But for starting out, the first one should be good to go.
When the installation is completed, you can use NGINX to run your web applications like on a normal web server. It is totally usable without an SSL, just like any website. But to make it more secure, let’s see how you can add Let’s Encrypt free SSL to your server.
Before anything, you have to download the Let’s Encrypt Client to your computer. To do this, just download certbot. After this is done, you must create your certbot repository. Enter the following command line:
- $ add-apt-repository ppa:certbot/certbot (this will create your repository for certbot)
Next, you need to install certbot by entering these commands:
- $ apt-get update
- $ apt-get install python-certbot-nginx
Your Let’s Encrypt Client is now ready for usage. The next step is to set up NGINX. To do this, I’ll assume you’re installing it for the first time. First, you have to create a file called www.example.com.conf in the folder /etc/nginx/conf.d. This file name is just an example, which is why I call it that; you can give it a real name of your choice.
In this file you need to type in the following code:
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name example.com www.example.com;
}
Now, save this file and run the command: $ nginx -t && nginx -s reload. This will verify that your syntax is correct and reload nginx.
Next you need to obtain the SSL certificate. This is done by entering the command:
$ sudo certbot --nginx -d example.com -d www.example.com
Once all is done, NGINX will restart and display a message containing the location of the certificate on your server. This is all that needs to be done to have Let’s Encrypt SSL installed on NGINX web server.
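Before running certbot, it helps to confirm that every domain you pass with -d appears in a server_name directive, because certbot's NGINX plugin looks for a server block with a matching server_name to install the certificate into. The script below is an added example, not part of the original article; the function names are hypothetical, and it assumes each server_name directive sits on one line and lists exact (non-wildcard) names.

```shell
#!/bin/sh
# Added example: pre-flight check for `certbot --nginx -d ...`.
# Function names are hypothetical; the config below is a constructed sample.

# server_names CONF: print every name found in server_name directives, one per line
server_names() {
    awk '
        { sub(/#.*/, "") }                      # drop comments before parsing
        $1 == "server_name" {
            for (i = 2; i <= NF; i++) {
                n = $i
                sub(/;$/, "", n)                # strip the terminating semicolon
                if (n != "") print n
            }
        }' "$1"
}

# uncovered_domains CONF DOMAIN...: print requested domains with no exact server_name match
uncovered_domains() {
    conf=$1
    shift
    names=$(server_names "$conf")
    for d in "$@"; do
        printf '%s\n' "$names" | grep -qxF -- "$d" || printf '%s\n' "$d"
    done
}

# Constructed sample: the server block from the article, written to a temp file.
sample_conf=$(mktemp)
cat > "$sample_conf" <<'EOF'
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name example.com www.example.com;
}
EOF

# shop.example.com is requested but not configured, so it is reported.
missing=$(uncovered_domains "$sample_conf" example.com www.example.com shop.example.com)
echo "domains without a matching server_name: ${missing:-none}"
rm -f "$sample_conf"
```

Run it against your real file in /etc/nginx/conf.d with the same domains you intend to pass to certbot; an empty result means every domain is covered.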
To be sure everything will work fine, you have to renew your certificate for NGINX every 90 days. You can do this manually, which is the simplest method. Let me show you how:
Just type certbot renew in the command line. This is a quick and easy way to renew the certificate. The command I just mentioned will look around your server for all the available SSL certificates. When it finds one that is expired or is close to expiring, it’s going to renew it automatically. You don’t have to look for them by yourself.
But if you want to renew a specific SSL certificate, you have to use the command:
certbot certonly --force-renewal -d: After -d, list all the domain names that have an SSL installed and need to be renewed. You can type in as many as you want, the criterion being that the listed domains must possess an SSL certificate.
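To know when a manual renewal is due, you can read the certificate's expiry date and count the days left. The script below is an added example, not from the original article; the function names and the 30-day window are assumptions, and the dates it runs on are constructed sample values.

```shell
#!/bin/sh
# Added example: is a certificate inside the renewal window?
# Assumptions: hypothetical function names, a 30-day window, constructed dates.

# cert_not_after PEM_FILE: print the notAfter field, e.g. "Mar 31 00:00:00 2030 GMT"
cert_not_after() {
    openssl x509 -noout -enddate -in "$1" | cut -d= -f2
}

# not_after_epoch DATE: convert openssl's notAfter format to epoch seconds (UTC).
# Plain awk is used so it also works on systems without GNU `date -d`.
not_after_epoch() {
    printf '%s\n' "$1" | awk '{
        m = (index("JanFebMarAprMayJunJulAugSepOctNovDec", $1) + 2) / 3
        d = $2; split($3, t, ":"); y = $4
        if (m <= 2) { y--; m += 12 }    # treat Jan/Feb as months 13/14 of the previous year
        # days since 1970-01-01 in the Gregorian calendar
        days = 365*y + int(y/4) - int(y/100) + int(y/400) + int((153*(m-3) + 2)/5) + d - 719469
        printf "%.0f\n", days*86400 + t[1]*3600 + t[2]*60 + t[3]
    }'
}

# days_left DATE NOW_EPOCH: whole days remaining until DATE
days_left() {
    echo $(( ($(not_after_epoch "$1") - $2) / 86400 ))
}

# renewal_due DATE NOW_EPOCH [WINDOW_DAYS]: succeeds when fewer than WINDOW_DAYS remain
renewal_due() {
    [ "$(days_left "$1" "$2")" -lt "${3:-30}" ]
}

# Constructed values: a fixed "now" (2030-01-01 00:00:00 UTC) and two notAfter dates.
NOW=1893456000
for na in "Mar 31 00:00:00 2030 GMT" "Jan 21 12:00:00 2030 GMT"; do
    if renewal_due "$na" "$NOW"; then state="renew now"; else state="ok"; fi
    echo "$na: $(days_left "$na" "$NOW") days left, $state"
done

# Real use (path is certbot's default location for example.com):
#   renewal_due "$(cert_not_after /etc/letsencrypt/live/example.com/fullchain.pem)" "$(date +%s)"
```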
Now you know how to install NGINX web server and Let’s Encrypt free SSL on it. If you do everything right, you should have a web server up and running, where you can test your web applications in a safe, real world environment.