Securing NGINX Traffic with SSL Using Certbot
When it comes to securing web traffic, implementing SSL (Secure Sockets Layer) is one of the most critical steps. In this guide, I’ll walk you through securing your NGINX server using free SSL certificates from Certbot, a popular tool that makes SSL management simple.
Prerequisites
Before starting, ensure you have:
- A Linux server with sudo access.
- A domain name pointing to your server’s IP address.
- NGINX installed on your server.
Note: This tutorial assumes you’re working with a Debian-based Linux distribution like Ubuntu.
1. Installing Certbot and NGINX
First, let’s install Certbot, the tool that will help us generate SSL certificates, and make sure NGINX is installed.
# Update your package list
sudo apt update
# Install NGINX
sudo apt install nginx -y
# Install Certbot and its NGINX plugin
sudo apt install certbot python3-certbot-nginx -y
Once installed, Certbot is ready to generate certificates, and NGINX is set to serve as your web server.
2. Obtaining an SSL Certificate
To obtain an SSL certificate, Certbot will validate your domain by temporarily placing files on your server. Let’s proceed to the certificate request.
sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com
Replace yourdomain.com with your actual domain name. Certbot will guide you through setting up the certificate.
During the process, you’ll be asked if you want to:
- Redirect HTTP to HTTPS (recommended for secure connections).
- Agree to Certbot’s terms of service.
Certbot will configure NGINX automatically, adding the SSL certificates and necessary settings.
3. Configuring NGINX for SSL
Certbot usually modifies your NGINX configuration to enable SSL automatically. To verify, open the NGINX configuration file for your domain (usually found in /etc/nginx/sites-available/):
sudo nano /etc/nginx/sites-available/yourdomain.com
You should see listen 443 ssl; and references to the SSL certificate files like:
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;
Note: If Certbot hasn’t updated your configuration, you may need to add these lines manually.
To apply the changes, test and reload NGINX:
sudo nginx -t
sudo systemctl reload nginx
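One way to script the check from this step instead of reading the file by eye, as an added example (not part of the original tutorial, Certbot, or NGINX): the hypothetical function check_ssl_vhost confirms that the three directives are active, not commented out, and point at the domain's /etc/letsencrypt/live/ directory. The sample site file is constructed for the demonstration.

```shell
# Added example: check_ssl_vhost is a hypothetical helper, not a Certbot or NGINX command.
# Usage: check_ssl_vhost FILE DOMAIN  -> exit status 0 if every check passes, 1 otherwise.
check_ssl_vhost() {
    conf=$1; domain=$2; rc=0
    live="/etc/letsencrypt/live/$domain"
    # Strip comments first so a commented-out directive is not counted as active.
    active=$(sed 's/#.*$//' "$conf")

    # An active listener on 443 with the ssl flag ("listen 443 ssl;", "listen [::]:443 ssl;").
    printf '%s\n' "$active" |
        grep -Eq '^[[:space:]]*listen[[:space:]]+([^;]*:)?443[[:space:]]+([^;]*[[:space:]])?ssl([[:space:]]|;)' ||
        { echo "FAIL: no active 'listen 443 ssl'"; rc=1; }

    # Certificate and key must both point into this domain's live directory.
    cert=$(printf '%s\n' "$active" | awk '$1 == "ssl_certificate" { sub(/;$/, "", $2); print $2; exit }')
    key=$(printf '%s\n' "$active" | awk '$1 == "ssl_certificate_key" { sub(/;$/, "", $2); print $2; exit }')
    [ "$cert" = "$live/fullchain.pem" ] ||
        { echo "FAIL: ssl_certificate is '${cert:-unset}', expected $live/fullchain.pem"; rc=1; }
    [ "$key" = "$live/privkey.pem" ] ||
        { echo "FAIL: ssl_certificate_key is '${key:-unset}', expected $live/privkey.pem"; rc=1; }

    # The redirect is optional in Certbot's prompt, so its absence is only a warning.
    printf '%s\n' "$active" | grep -Eq 'return[[:space:]]+30[18][[:space:]]+https://' ||
        echo "WARN: no HTTP-to-HTTPS redirect found"
    return "$rc"
}

# Constructed sample site file (not taken from a real server).
sample=$(mktemp)
cat > "$sample" <<'EOF'
server {
    listen 443 ssl; # managed by Certbot
    server_name yourdomain.com www.yourdomain.com;
    ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem; # managed by Certbot
}
server {
    listen 80;
    server_name yourdomain.com www.yourdomain.com;
    return 301 https://$host$request_uri;
}
EOF
check_ssl_vhost "$sample" yourdomain.com && echo "OK: $sample passes"
```

On a real server, point the function at /etc/nginx/sites-available/yourdomain.com; it only reads the file, so nginx -t is still needed to validate syntax.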
4. Setting Up Auto-Renewal
Certificates issued through Certbot expire after 90 days, but Certbot can renew them automatically to keep your website secure.
To check if the auto-renewal service is active, run:
sudo systemctl status certbot.timer
You can also manually test renewal with:
sudo certbot renew --dry-run
If this runs without errors, auto-renewal is set up correctly!
5. Testing the SSL Setup
Finally, verify that your SSL setup is working by visiting your site at https://yourdomain.com. You should see a secure connection indicator in your browser (usually a padlock icon).
To further check for configuration issues, use an online tool like SSL Labs.
Conclusion
Securing your website’s traffic with SSL is a vital step in protecting user data and building trust. By using Certbot with NGINX, you can have a reliable, automated SSL solution at no cost. With your SSL certificates in place and automatic renewal configured, your NGINX server is now secure and ready to serve traffic safely.
For more tutorials on web server management and security, stay tuned to my blog!
Happy securing!