How To Use LetsEncrypt SSL With Nginx On Ubuntu Server

by | Dec 16, 2015 | How-To/Tips, Security, Wordpress

Using SSL encryption on your website or blogs to protect user’s privacy  is not a bad idea. In fact, Google recommends it.

Google announced few months back, that if you migrate to your websites and blogs to HTTPS, you may get a small bump on its search engine result pages.

You might also like:
How to Install Microsoft Office Suite 2010 in Ubuntu 12.04 Using Wine 1.5

Adding SSL encryption also cost money depending on the certificate you want to install. For those who are not making enough money from their websites or blogs but still want to add SSL certificates can use LetsEncrypt.

You might also like:
Windows 7 vs. Ubuntu 12.04: Cleanup Old Data and Improve Performance

LetsEncrypt is a free open certificate authority (CA) that provides free certificates for websites and other services.

For more about who behind this, check their page here.

This brief tutorial is going to show you how to easily get LetsEncrypt’s certificates working on Ubuntu for your Nginx webservers.

The first thing to do is to clone the git project to your server. This means downloading the required packages from git to your server.

If you don’t already have git installed, you must install it first. To do that, run the commands below.

sudo apt-get install git

Next, clone LetsEncrypt git project to your server.

git clone https://github.com/letsencrypt/letsencrypt

Then change into the project folder.

cd letsencrypt

When you’re there, run the commands below to generate a SSL certificate for your website or blogs.

./letsencrypt-auto certonly -a standalone -d example.com -d www.example.com

LetsEncrypt puts its keys in this directory /etc/letsencrypt

The final thing to do after generating the certificates is to configure Nginx webserver to use the cert.

More on installing certificate on Ubuntu server for Nginx can be found on this blog post

How To Install SSL Certificates On Nginx Web Server On Ubuntu 15.04

Example configuration for Nginx webserver is as followed:

listen 443 ssl spdy;
listen [::]:443 ssl spdy;
ssl on;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;
#
#
ssl_session_cache shared:SSL:10m;
ssl_protocols TLSv1.1 TLSv1.2;
#
#
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
#
#
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security max-age=15768000;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=86400;
resolver_timeout 10;

Save your configuration and restart Nginx webserver.

That’s it! If everything is setup correctly, your site should be SSL enabled for free.

Enjoy!

Frequently Asked Questions

How do I install LetsEncrypt SSL on Ubuntu server?

To install LetsEncrypt SSL on Ubuntu server, first clone the LetsEncrypt git project to your server by running 'git clone https://github.com/letsencrypt/letsencrypt'. Then generate the SSL certificate for your website or blogs using the command './letsencrypt-auto certonly -a standalone -d example.com -d www.example.com'.

What is the cost of using LetsEncrypt SSL certificates?

LetsEncrypt SSL certificates are free to use. LetsEncrypt is a free open certificate authority (CA) that provides free certificates for websites and other services, making it an affordable option for those who want to add SSL encryption without incurring costs.

Where can I find the keys generated by LetsEncrypt?

The keys generated by LetsEncrypt are located in the directory /etc/letsencrypt on your server. You can access the SSL certificate keys, including fullchain.pem, privkey.pem, and chain.pem, in this directory.

How can I configure Nginx webserver to use LetsEncrypt SSL certificate?

To configure Nginx webserver to use the LetsEncrypt SSL certificate, you need to specify the SSL certificate and key file paths in the Nginx configuration. Refer to the example Nginx configuration provided in the article and update it with your domain name and certificate file paths.

Why is it important to use SSL encryption on websites?

Using SSL encryption on websites is important to protect user privacy and data security. It helps establish a secure connection between the user's browser and the web server, preventing unauthorized access to sensitive information.

What are the benefits of migrating to HTTPS for websites?

Migrating to HTTPS offers benefits such as improved security, better search engine rankings (Google provides a small ranking boost), and increased user trust. HTTPS encryption helps build credibility and ensures data integrity.

Can LetsEncrypt certificates be used for services other than websites?

Yes, LetsEncrypt certificates can be used for services other than websites, such as email servers, FTP servers, and more. LetsEncrypt provides free certificates for various online services to enhance security and privacy.

What are the recommended steps to renew LetsEncrypt SSL certificates?

To renew LetsEncrypt SSL certificates, you can use the 'certbot' tool provided by LetsEncrypt. Simply run 'certbot renew' on your server to check for expiring certificates and automatically renew them before they expire.