In this tutorial we will show you how to install and configure LetsEncrypt with Nginx on your Ubuntu 15.04 server. For those of you who didn’t know, Let’s Encrypt is a free SSL certificate provider, backed by major companies and organizations, which provides a free, open and automated system to easily add SSL/TLS based encryption to a website. Unfortunately, LetsEncrypt.org certificates currently have a 3 month lifetime. This means you’ll need to renew your certificate quarterly for now.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple. I will walk you through the step-by-step installation of LetsEncrypt SSL on Ubuntu 15.04.
Install LetsEncrypt With Nginx on Ubuntu 15.04
Step 1. First, make sure that all your system packages are up-to-date by running the following apt-get commands in the terminal.
sudo apt-get update
sudo apt-get upgrade
Step 2. Install LEMP server.
An Ubuntu 15.04 LEMP server is required. If you do not have LEMP installed, you can follow our guide here.
Step 3. Installing LetsEncrypt.
Clone the LetsEncrypt git project to your server:
git clone https://github.com/letsencrypt/letsencrypt
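Then change into the project folder (the letsencrypt directory that the clone created).
Run the command below to generate an SSL certificate for your website or blog. The standalone authenticator binds its own temporary web server to port 80 and/or 443 to answer the validation request, so stop Nginx first if it is already listening on those ports: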
./letsencrypt-auto certonly -a standalone -d yourdomain.com -d www.yourdomain.com
Assuming you did everything right, you should see this:
LetsEncrypt puts its keys in this directory: /etc/letsencrypt
Step 3. Generating Your SSL Key and CSR.
First, create an SSL directory to host your SSL certificates.
Then follow the steps below to generate a server key, certificate signing request and self-signed certificate. If you want to install a trusted certificate from a trusted certificate authority, then you’ll need to send a copy of the CSR to a certificate authority to generate a trusted certificate.
Create the server private key by running the command below. The -des3 option encrypts the key with a passphrase that you will be asked to choose, and Nginx will need that passphrase whenever it loads the key:
openssl genrsa -des3 -out server.key 2048
Then run the command below to generate a certificate signing request using the server private key, which is used to create an SSL certificate:
openssl req -new -key server.key -out server.csr
When you run the above command, you’ll be prompted to answer a few questions. Follow the sample guide below:
- Common Name: The fully-qualified domain name, or URL, you’re securing.
If you are requesting a Wildcard certificate, add an asterisk (*) to the left of the common name where you want the wildcard, for example *.idroot.net.
- Organization: The legally-registered name for your business. If you are enrolling as an individual, enter the certificate requestor’s name.
- Organization Unit: If applicable, enter the DBA (doing business as) name. If you’re securing a single blog, then type the blog owner’s name here.
- City or Locality: Name of the city where your organization is registered/located.
- State or Province: Name of the state or province where your organization is located.
- Country: The two-letter International Organization for Standardization (ISO) format country code for where your organization is legally registered.
Step 4. Configuring Nginx to use the SSL Certificate.
Now we need to configure Nginx to accept our certificates and redirect our non-HTTPS requests to HTTPS. An example configuration for the Nginx web server is as follows:
listen 443 ssl spdy;
listen [::]:443 ssl spdy;
ssl_protocols TLSv1.1 TLSv1.2;
add_header Strict-Transport-Security max-age=15768000;
resolver 220.127.116.11 18.104.22.168 valid=86400;
Save your configuration and restart the Nginx web server:
systemctl restart nginx
Now your domain should be accessible via HTTPS! Check it out at https://yourdomain.com.
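The 3 month certificate lifetime noted in the introduction makes an expiry check worth automating. The script below is an added example, not part of the original tutorial or the LetsEncrypt project; it assumes certificates are stored as /etc/letsencrypt/live/<domain>/cert.pem, and the function names and the LE_LIVE_DIR and RENEW_DAYS variables are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original tutorial): report which certificates
# under a Let's Encrypt "live" directory are close to expiry.
# Assumption: certificates are stored as <live_dir>/<domain>/cert.pem.

# needs_renewal CERT [DAYS]
# Exit status: 0 = expires within DAYS (renew), 1 = still valid, 2 = unreadable.
needs_renewal() (
    cert=$1
    days=${2:-30}
    # Reject missing files and anything that is not a parsable certificate,
    # otherwise a load error would look the same as "about to expire".
    [ -r "$cert" ] || exit 2
    openssl x509 -in "$cert" -noout >/dev/null 2>&1 || exit 2
    # -checkend N exits 0 only if the certificate is still valid N seconds from now.
    if openssl x509 -in "$cert" -noout -checkend "$((days * 86400))" >/dev/null 2>&1; then
        exit 1
    fi
    exit 0
)

# renewal_report LIVE_DIR [DAYS]
# Prints one "<domain> <ok|renew|unreadable>" line per certificate found.
renewal_report() (
    live_dir=$1
    days=${2:-30}
    for cert in "$live_dir"/*/cert.pem; do
        [ -e "$cert" ] || continue          # glob matched nothing
        domain=$(basename "$(dirname "$cert")")
        rc=0
        needs_renewal "$cert" "$days" || rc=$?
        case $rc in
            0) echo "$domain renew" ;;
            1) echo "$domain ok" ;;
            *) echo "$domain unreadable" ;;
        esac
    done
)

# Default run: check the directory the client uses on this server.
renewal_report "${LE_LIVE_DIR:-/etc/letsencrypt/live}" "${RENEW_DAYS:-30}"
```

Run it as root, since the certificate directory is normally readable only by root; a 30 day window leaves time to fix a failed renewal before the certificate lapses.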
Congratulations! You have successfully installed LetsEncrypt. Thanks for using this tutorial for installing LetsEncrypt SSL with Nginx on your Ubuntu 15.04 system. For additional help or useful information, we recommend you check the official LetsEncrypt SSL website.