Securing your websites with an SSL certificate is now a must for all website admins, else the web browsers will mark the website as unsafe to visit, causing the loss of website traffic. But SSL certificate is not cheap, but there is a way around to get an SSL certificate for free with only downside that we need to renew SSL cert every 90 days but that process can also be automated.

Pre-Requisites

– We will need a registered Domain address,
– We will need a CentOS/RHEL or Ubuntu server with Ngnix installed. we have created a detailed ARTICLE HERE for nginx installation,

Install Let’s Encrypt on Ubuntu

Firstly we need to install Certbot on the Ubuntu system, but it’s not available with default Ubuntu repositories. Install the Ubuntu repositories with the following command,

$ sudo apt-get install software-properties-common
$ sudo add-apt-repository universe
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update

Now to install the Certbot , execute the following command from terminal,

$ sudo apt-get install python-certbot-nginx

Now, we will issue a new SSL certificate using the certbot command. Use the following command as a reference

$ sudo certbot –nginx -d example.com -d www.example.com

Here example.com is the name of the website for which the certificate will be issues, replace this with the name of your website. If this is the first time you are using Certbot, you will be asked to enter an Email address & also to agree to User Agreement,

Now certbot will then check with let’s encrypt server to verify that you are the web admin of the domain that you are trying to get an SSL for (usually you need to place two files with random text provided by let’s encrypt at location http://domain-name/.well-known/acme-challenge. more details on that HERE).

Once site ownership has been confirmed, we will be asked to configure redirect settings for Nginx, you can choose 1 (No-Redirect) or 2 (Redirect). If you choose 1, than you will have to configure redirect yourselves in Nginx configuration afterwards, with option 2 , the configuration will be updated & Nginx will be reloaded to implement the new changes made.

Our cert is now installed & new configurations also have been loaded. As mentioned above, we need to renew the cert every 90 days, for that we can create a new cronjob

Automatic Certificate Renewal

Following cron job will take care of the automatic certificate renewal

$ crontab -e

05 01 30 * * /usr/bin/certbot renew –quiet

this job will renew certificate every 30 days at 1:05 AM. We can also run the following command to dry-run or test the renewal of certificate,

$ certbot renew –dry-run