How to set up HTTPS
This document shows how to set up HTTPS on your production server. For this, we are going to use Certbot with Nginx to deploy Let's Encrypt certificates. Certbot helps us install the certificates and everything else needed to serve the website over HTTPS. Also, make sure you already have a domain for your server, as Certbot does not work for IPs.
To install the packages and all the necessary plugins for Nginx, run the following command:
sudo yum install python2-certbot-nginx
Certbot has an Nginx plugin, which is supported on many platforms, and automates certificate installation.
sudo certbot --nginx
Running this command obtains the certificate and guides you through some settings. It edits your Nginx configuration file automatically to serve the certificate.
One of the options asks whether you want to redirect HTTP connections to HTTPS. We recommend selecting the option that enables the redirect, so that Certbot configures it for you.
If everything went well, you will get a message saying that the certificate is installed. Once you can access the site over HTTPS, you are all set!
Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:
sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron job which runs the following:
certbot renew
The idea is to renew the certificate automatically. As mentioned before, the certificate lasts for 90 days, but it becomes available for renewal 30 days before its due date. So we are going to add a cron job that runs at 4 am every day and tries to renew the certificate. That means the certificate will be renewed 30 days before it expires.
0 4 * * * /usr/bin/certbot renew --deploy-hook "sudo systemctl restart nginx" >> /var/log/letsencrypt/renew.log
Add this line to the crontab to renew the certificates automatically. After this, you are done!
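To confirm over time that the cron job really is renewing, you can check how many days the served certificate has left. The script below is an added example, not part of UNCode or Certbot; the function names and the 7-day grace period are assumptions, and it needs GNU `date` and the `openssl` command-line tool.

```bash
# Added example (not UNCode code): report how many days a certificate has left,
# so a silently failing renewal cron job is noticed before expiry.
RENEW_WINDOW_DAYS=30  # from the page: renewal opens 30 days before expiry
GRACE_DAYS=7          # assumption: tolerate a week of failed daily runs

# days_left "notAfter=<date>" [now_epoch] -> whole days left (negative if expired)
days_left() {
    local enddate now end secs
    enddate=${1#notAfter=}
    now=${2:-$(date +%s)}
    end=$(date -u -d "$enddate" +%s) || return 2   # -d requires GNU date
    secs=$(( end - now ))
    if [ "$secs" -lt 0 ]; then
        echo $(( -((-secs + 86399) / 86400) ))     # round expired time away from 0
    else
        echo $(( secs / 86400 ))
    fi
}

# renewal_status <days> -> OK | RENEWAL_DUE | RENEWAL_OVERDUE | EXPIRED
renewal_status() {
    if   [ "$1" -lt 0 ]; then echo EXPIRED
    elif [ "$1" -lt $(( RENEW_WINDOW_DAYS - GRACE_DAYS )) ]; then echo RENEWAL_OVERDUE
    elif [ "$1" -lt "$RENEW_WINDOW_DAYS" ]; then echo RENEWAL_DUE
    else echo OK
    fi
}

# live_enddate <domain> -> "notAfter=..." line of the certificate served on port 443
live_enddate() {
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -enddate
}

# check <domain>: print days left and status; non-zero return when action is needed
check() {
    local line days status
    line=$(live_enddate "$1") || { echo "$1: cannot read certificate"; return 2; }
    days=$(days_left "$line") || return 2
    status=$(renewal_status "$days")
    echo "$1: $days days left -> $status"
    [ "$status" = OK ] || [ "$status" = RENEWAL_DUE ]
}

if [ $# -gt 0 ]; then
    check "$1"
else  # constructed sample: expiry 20 days after 2025-01-01 00:00:00 UTC
    d=$(days_left "notAfter=Jan 21 00:00:00 2025 GMT" 1735689600)
    echo "sample: $d days left -> $(renewal_status "$d")"
fi
```

Run it with your domain as the only argument; a status of RENEWAL_OVERDUE or EXPIRED means the daily renewal has been failing and the renew log should be checked.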
Notes:
- You can check that everything works, and the level of security you got, here: https://www.ssllabs.com/ssltest/index.html
- If HTTPS is not working, check that the port (443) is open.
UNCode - Distributed and maintained by the Universidad Nacional de Colombia, Campus Bogotá.