
Get free SSL for your site using LetsEncrypt on Linux (Ubuntu)

It's been a while since my last blog post, but I'm hoping to start sharing things I've learned with everyone again, so stay tuned!

So, in my last blog post, How to redirect ssl www to ssl non-www in nginx, I had to manually set things up in my virtual.conf to get nginx to pick up my SSL keys. Since Let's Encrypt was released to the public, they've gotten so much better: it used to take me at least half an hour to renew my key on Ubuntu, and now it takes under a minute!

Here is what I had to do to create/renew my certificate with nginx using certbot:

sudo certbot --nginx

Once I ran that command, I was prompted with these options:

Which names would you like to activate HTTPS for?
-------------------------------------------------------------------------------
1: alicoding.com
2: www.alicoding.com
-------------------------------------------------------------------------------
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):
Please choose whether HTTPS access is required or optional.
-------------------------------------------------------------------------------
1: Easy - Allow both HTTP and HTTPS access to these sites
2: Secure - Make all requests redirect to secure HTTPS access
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2

I've configured it to allow people to visit my site with or without www included, and it will redirect to HTTPS if that was not specified.

That's all! I now have SSL enabled for my site in three simple steps and certbot updated my virtual.conf for me as well!

server {
    listen      80;
    server_name alicoding.com www.alicoding.com;
    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass  http://localhost:2369;
    }
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/www.alicoding.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/www.alicoding.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot


    # Redirect non-https traffic to https
    if ($scheme != "https") {
        return 301 https://$host$request_uri;
    } # managed by Certbot
}

You can see a bunch of comments added by certbot saying this is managed by the bot. Isn't this awesome?!
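A quick way to confirm what certbot left in the file, as an added example that is not part of the original post or of certbot: it parses a server block and reports whether `listen 443 ssl` is present, whether the certificate and key sit in the same directory, and whether port 80 is redirected to HTTPS (the difference between prompt options 1 and 2). The function names and the `EASY_CONF` variant are constructed for illustration.

```python
import re
from posixpath import dirname

# Sample input: the certbot-edited server block from this post, trimmed.
SECURE_CONF = """server {
    listen      80;
    location / { proxy_pass  http://localhost:2369; }
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/www.alicoding.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/www.alicoding.com/privkey.pem; # managed by Certbot
    if ($scheme != "https") {
        return 301 https://$host$request_uri;
    } # managed by Certbot
}"""
# Constructed variant: the same block with the redirect stanza removed.
EASY_CONF = re.sub(r"if \(.*?\}", "", SECURE_CONF, flags=re.S)

def statements(conf):
    """Yield (enclosing block name, words) for every directive and block header."""
    text = re.sub(r"#[^\n]*", "", conf)  # drop comments such as "# managed by Certbot"
    stack, words = [""], []
    for tok in re.findall(r'"[^"]*"|[{};]|[^\s{};]+', text):
        if tok in (";", "{"):
            if words:
                yield stack[-1], words
            if tok == "{":
                stack.append(words[0] if words else "")
            words = []
        elif tok == "}":
            stack.pop()
        else:
            words.append(tok.strip('"'))

def audit(conf):
    """Return findings for one server block; an empty list means it passed."""
    stmts = list(statements(conf))
    def get(name):  # arguments of each server-level directive called `name`
        return [w[1:] for ctx, w in stmts if ctx == "server" and w[0] == name]
    ports = {a[0].split(":")[-1]: a for a in get("listen")}
    cert, key = get("ssl_certificate"), get("ssl_certificate_key")
    redirect = any(ctx == "if" and w[:2] == ["return", "301"] and w[-1].startswith("https://")
                   for ctx, w in stmts)
    checks = {
        "no 'listen 443 ssl' directive": "ssl" in ports.get("443", []),
        "certificate and key missing or not in the same directory":
            bool(cert and key) and dirname(cert[0][0]) == dirname(key[0][0]),
        "port 80 answers without redirecting to HTTPS": "80" not in ports or redirect,
    }
    return [msg for msg, ok in checks.items() if not ok]
```

`audit(SECURE_CONF)` returns an empty list, while `audit(EASY_CONF)` flags the missing redirect.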

Let me know your experience or what you want me to blog about next and I will be happy to share whatever I learn from that here :)