How to set up HTTPS

How to set up HTTPS

This document shows how to set up the HTTPS on production server. For this, we are going to use Certbot on Nginx deploying Let's Enctrypt certificates. This help us to install the certificates and necessary stuff to have the website on HTTPS.

Install

To install the packages and all necessary plugins for nginx just type the next command:

sudo yum install python2-certbot-nginx

Get started and settings

Certbot has an Nginx plugin, which is supported on many platforms, and automates certificate installation.

sudo certbot --nginx

Running the next command will get the certificate and guide you to some settings. This will edit your Nginx configuration file automatically to serve it.

One of the options will ask you if you want to redirect HTTP connections to HTTPS, we recommend you select the option which do that for you so that way Certbot will do it for you.

If everything was right and you get a message that the certificate is installed and now you can access to HTTPS you are all set!

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

sudo certbot renew --dry-run

If that appears to be working correctly, you can arrange for automatic renewal by adding a cron job which runs the following:

certbot renew

The idea is to renew the certificate automatically, as it was said before, the certificates last for 90 days but they are available to renewal 30 days before it ends. So we are going to do a cron job that runs at noon and midnight every day trying to renew the certificate. That means that 30 days before the certificate will renew.

0 0,12 * * * python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew 

Add this line on crontab to automatically renew the certificates. After this, you are done!