In 2019, it’s so easy to get a basic form of SSL that no website should be without it, no matter the use. Not only is it best practice, a non encrypted connection now displays a warning in your browser, which makes loses user trust. In this blog post, we’ll go over how to install a Let’s Encrypt certificate on an NGINX based website.
Let’s Encrypt allows you to have an SSL certificate for free, and it with it there’s little excuse to not support SSL on any website, no matter how basic its intended function.
For this tutorial, we’ll be using a server with NGINX running on CentOS 7. Instructions for a different linux distro will be similar, however certain commands may be different.
There are many Let’s Encrypt certificate installers out there to choose from. For this tutorial we’ll be focusing on Certbot, one of the most popular solutions.
First, we need to add the EPEL repository.
sudo yum install epel-release
Now, you can install Certbot
sudo yum install certbot python2-certbot-nginx
Now, run the Certbot auto install for nginx
sudo certbot --nginx
You’ll be prompted for an email address that will receive renewal reminders and security notices. It’s suggested that while you use a separate email for things concerning the operation of your website, to forward these messages to another email or your mobile device so you don’t miss them.
After reading and agreeing to the Terms of Service for Let’s Encrypt, you’ll also be greeted with the opportunity to sign up for emails from the electronic frontier foundation.
Next, a prompt will ask you if you’d like to receive emails from Certbot and the Electronic Frontier Foundation. You’ll probably want to deny, especially if you used an email that’s specifically for your website.
Next, you’ll be prompted to enter the domain of the website. You must enter a domain name with an active A DNS record pointing to your webserver, it will not accept an IP address that you may be using for a test website.
From here, you have two options. The first ensures https can function, but it will not force redirect all traffic to HTTPS, and allows HTTP to still function. The second forces all traffic to HTTPS. I always prefer option 2, just make sure it won’t break anything on an existing site. This avoids all browser side warnings about unsecure connections.
Once you’ve completed the process, you should be greeted with the above message.
Navigate to your website to test it, if you picked option 2 it should force you to HTTPS. If you chose option one you should choose an HTTPS connection manually.
That’s it! You’ve installed a basic Let’s Encrypt Free SSL certificate on an NGINX website.
If you need help upgrading your existing website, or need someone to make a new one for you, consider hiring offshore developers from CodeClouds.