Nginx HTTPS in 15 mins

Two weeks ago, I’ve added free https certificate to my pet project. It was super simple, and it was setup in 5-10 mins!

Sounds great? Let’s check how we can do it.

Let’s add packages first to our Ubuntu 16.04 system:

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-nginx 

Next, we should generate https configs for NGINX:

sudo certbot --nginx

This command will rewrite your nginx config and add options to use https.

Here you can see part of nginx conf, edited by certbot:

listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

Install script will ask you about redirect from http to https, so you can make a decision and configuration lines will be added.

But we can just generate certificates without touching your configs, so you can edit them manually:

sudo certbot --nginx certonly

That’s all!

Let’s Encrypt certificates need to be renewal sometimes. You can just add this command to your crontab:

$ sudo certbot renew --dry-run