Two weeks ago, I’ve added free https certificate to my Evendy.ru pet project. It was super simple, and it was setup in 5-10 mins!
Sounds great? Let’s check how we can do it.
Let’s add packages first to our Ubuntu 16.04 system:
$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-nginx
Next, we should generate https configs for NGINX:
sudo certbot --nginx
This command will rewrite your nginx config and add options to use https.
Here you can see part of nginx conf, edited by certbot:
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/evendy.ru/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/evendy.ru/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
Install script will ask you about redirect from http to https, so you can make a decision and configuration lines will be added.
But we can just generate certificates without touching your configs, so you can edit them manually:
sudo certbot --nginx certonly
That’s all!
Let’s Encrypt certificates need to be renewal sometimes. You can just add this command to your crontab:
$ sudo certbot renew --dry-run