Previously we saw How to install Certbot on Rocky Linux 8 depending on your web server, whether it’s Nginx or Apache. In this tutorial, I’m going to show you how to secure your Nginx web server with a free Let’s Encrypt SSL/TLS certificate. Let’s start.
Prerequisites
Generate Let’s Encrypt SSL/TLS Certificate
Step 1. You should make sure that your domain is correctly pointed to your server IP address and propagated, before generating a Let’s Encrypt SSL/TLS certificate. There is an online DNS tool that you can use to check it.
Step 2. Run the following command to obtain Let’s Encrypt certificate through Certbot:
sudo certbot --nginx -d domain.com -d www.domain.com
certbot: Will run Certbot.--nginx: Certbot plugin that we want to use it.-d: Specify the names that you’d like the certificate to be valid for.
Step 3. Now, you need to decide how you’d like to configure the HTTPS settings.
Output:
Please choose whether HTTPS access is required or optional.
-------------------------------------------------------------------------------
1: Easy - Allow both HTTP and HTTPS access to these sites
2: Secure - Make all requests redirect to secure HTTPS access
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):
Select your choice and you should get the following output:
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/domain.com/fullchain.pem. Your cert will
expire on xxxx-xx-xx. To obtain a new or tweaked version of this
certificate in the future, simply run certbot again with the
"certonly" option. To non-interactively renew *all* of your
certificates, run "certbot renew"
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
- If you like Certbot, please consider supporting our work
Step 4. Reload Nginx.
sudo systemctl reload nginx
Open your desired web browser and notice the green lock icon.
Conclusion
This tutorial shows you how to secure Nginx with Let’s Encrypt free SSL/TLS certificate. Feel free to leave a comment below and if you find this tutorial useful, follow our official channel on Telegram.