
How to set up HTTPS

Cristian Gonzalez edited this page Jul 8, 2021 · 6 revisions

How to set up HTTPS on your server

This document shows how to set up HTTPS on your production server. We are going to use Certbot with Nginx to deploy Let's Encrypt certificates. Certbot installs the certificates and the configuration needed to serve the website over HTTPS. Also, make sure you already have a domain for your server, as Certbot does not work for IPs.

Install

To install the packages and all necessary plugins for Nginx, run the following command:

sudo yum install python2-certbot-nginx

Get started and settings

Certbot has an Nginx plugin, which is supported on many platforms, and automates certificate installation.

sudo certbot --nginx

Running this command obtains the certificate and guides you through some settings. It also edits your Nginx configuration file automatically to serve the certificate.

One of the options asks whether you want to redirect HTTP connections to HTTPS. We recommend selecting the option that enables the redirect, so that Certbot configures it for you.

If everything went well and you get a message saying that the certificate is installed and that you can now access the site over HTTPS, you are all set!

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

sudo certbot renew --dry-run

If that appears to be working correctly, you can arrange for automatic renewal by adding a cron job which runs the following:

certbot renew

The idea is to renew the certificate automatically. As mentioned before, the certificate lasts for 90 days, but it becomes available for renewal 30 days before its due date. So we are going to set up a cron job that runs at 4 am every day and tries to renew the certificate. That means the certificate will be renewed 30 days before it expires.

0 4 * * * /usr/bin/certbot renew --deploy-hook "sudo systemctl restart nginx" >> /var/log/letsencrypt/renew.log

Add this line to your crontab to renew the certificates automatically. After this, you are done!
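To confirm that the cron job above really keeps the certificate fresh, a check like the following can be run from monitoring. It is an added example, not part of the original wiki; the certificate path follows Certbot's default layout, `example.com` is a placeholder, and the 7-day grace period and the status names are assumptions made here.

```sh
#!/bin/sh
# Added example (not from the original page): verify that the daily
# "certbot renew" cron job is actually keeping the certificate fresh.
# Assumptions: Certbot's default layout /etc/letsencrypt/live/<domain>/cert.pem,
# GNU date (as on yum-based systems), and a 7-day grace period chosen here.

RENEW_WINDOW_DAYS=30  # certificates become renewable 30 days before expiry
GRACE_DAYS=7          # assumed: tolerate a week of failed daily runs

# days_left CERT.pem -> whole days until notAfter (negative once expired)
days_left() {
    end=$(openssl x509 -noout -enddate -in "$1") || return 2
    end_s=$(date -d "${end#notAfter=}" +%s) || return 2
    secs=$(( end_s - $(date +%s) ))
    # Shell division truncates toward zero; shift so expired certs go negative
    if [ "$secs" -lt 0 ]; then secs=$(( secs - 86399 )); fi
    echo $(( secs / 86400 ))
}

# renewal_status DAYS -> OK | RENEWAL_DUE | RENEWAL_OVERDUE | EXPIRED
renewal_status() {
    case $1 in
        ''|*[!0-9-]*) echo UNKNOWN; return 2 ;;  # reject non-numeric input
    esac
    if [ "$1" -lt 0 ]; then
        echo EXPIRED
    elif [ "$1" -lt $((RENEW_WINDOW_DAYS - GRACE_DAYS)) ]; then
        echo RENEWAL_OVERDUE   # daily renewals have failed for over a week
    elif [ "$1" -lt "$RENEW_WINDOW_DAYS" ]; then
        echo RENEWAL_DUE       # inside the window; the next 4 am run should renew
    else
        echo OK
    fi
}

# check_cert CERT.pem -> prints one status line; non-zero exit means "alert"
check_cert() {
    days=$(days_left "$1") || { echo "UNREADABLE $1"; return 2; }
    status=$(renewal_status "$days") || { echo "UNREADABLE $1"; return 2; }
    echo "$status ${days}d $1"
    case $status in OK|RENEWAL_DUE) return 0 ;; *) return 1 ;; esac
}

# Usage: ./check_cert.sh /etc/letsencrypt/live/example.com/cert.pem
if [ $# -gt 0 ]; then check_cert "$1"; fi
```

A non-zero exit status means the renewal job needs attention; `/var/log/letsencrypt/renew.log` from the cron line is the first place to look.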

Notes:
