Install free SSL certificates on Nginx:
Buying SSL certificates cost between 10$ to 200$ for a year. We can avoid this. We can use free SSL certificates from letsencrypt. Let’s Encrypt is a free, automated, and open Certificate Authority. Even it is free still it is really safe. It is sponsored by many big companies. See the sponsor list here.
How to install SSL on Nginx on Ubuntu 14.04:
Install
On Ubuntu systems, the Certbot team maintains a PPA. Once you add it to your list of repositories all you’ll need to do is apt-get the following packages.
|
1 2 3 |
$ sudo add-apt-repository ppa:certbot/certbot $ sudo apt-get update $ sudo apt-get install certbot |
Get Started
Certbot supports a number of different “plugins” that can be used to obtain and/or install SSL certificates.
Since your server architecture doesn’t yet support automatic installation you should probably use the certonly command to obtain your certificate.
certbot certonly
This will allow you interactively select the plugin and options used to obtain your free SSL certificate. If you already have a web server running, we recommend choosing the “webroot” plugin.
Alternatively, you can specify more information on the command line.
To obtain a cert using the “webroot” plugin, which can work with the webroot directory of any web server software:
|
1 |
$ certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is |
This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.
Note:
To use the webroot plugin, your server must be configured to serve files from hidden directories. If /.well-known is treated specially by your web server configuration, you might need to modify the configuration to ensure that files inside /.well-known/acme-challenge are served by the web server.
To obtain a cert using a built-in “standalone” web server (you may need to temporarily stop your existing web server if any) for example.com and www.example.com:
|
1 |
$ certbot certonly --standalone -d example.com -d www.example.com |
Automating renewal
The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let’s Encrypt certificates last for 90 days, it’s highly advisable to take advantage of this feature. You can test automatic renewal for your free SSL certificates by running this command:
|
1 |
certbot renew --dry-run |
More detailed information and options about renewal can be found in the full documentation.
We hope you enjoy this post, comment in the box if you have any query. We are best mobile app development and web development company.
Share with your friends if you enjoy this post.
i’m for the first time here. I came across this board and I in finding
It really helpful & it helped me out a lot.
I just want to say I’m a newbie to blogging and seriously enjoyed you’re web page. Most likely I’m going to bookmark your blog. You certainly come with outstanding articles and reviews. With thanks for revealing your website.