{"id":1143,"date":"2016-03-14T19:20:30","date_gmt":"2016-03-14T18:20:30","guid":{"rendered":"http:\/\/monodes.com\/predaelli\/?p=1143"},"modified":"2016-03-14T09:36:20","modified_gmt":"2016-03-14T08:36:20","slug":"how-to-secure-nginx-with-lets-encrypt-on-ubuntu-14-04-digitalocean","status":"publish","type":"post","link":"https:\/\/monodes.com\/predaelli\/2016\/03\/14\/how-to-secure-nginx-with-lets-encrypt-on-ubuntu-14-04-digitalocean\/","title":{"rendered":"How To Secure Nginx with Let’s Encrypt on Ubuntu 14.04 | DigitalOcean"},"content":{"rendered":"

Following https:\/\/letsencrypt.readthedocs.org\/en\/latest\/using.html#installation
\n<\/a><\/p>\n

you can obtain a nice SSL certificate for your own webservers; yet for those who likes NGinx like me this guide How To Secure Nginx with Let’s Encrypt on Ubuntu 14.04 | DigitalOcean<\/a> <\/em>is also useful<\/p>\n

In this tutorial, we will show you how to use Let’s Encrypt to obtain a free SSL certificate and use it with Nginx on Ubuntu 14.04. We will also show you how to automatically renew your SSL certificate. If you’re running a different web server, simply<\/p><\/blockquote>\n

<\/p>\n

Since it’s based on US of America your can’t really trust them for “national security” issues or even when there’s business involved or you strive for real privacy. For that level of trustness the only way are self-signed certificates distributed with a one-to-one physical channel.<\/p>\n

\n
\n

How To Secure Nginx with Let’s Encrypt on Ubuntu 14.04<\/h1>\n

Dec 17, 2015<\/span> Nginx<\/a>, Security<\/a>, Let’s Encrypt<\/a> Ubuntu<\/a><\/span> <\/span><\/p>\n<\/div>\n

<\/div>\n
\n

Introduction<\/h3>\n

Let’s Encrypt is a new Certificate Authority (CA) that provides an easy way to obtain and install free TLS\/SSL certificates, thereby enabling encrypted HTTPS on web servers. It simplifies the process by providing a software client, letsencrypt<\/code>, that attempts to automate most (if not all) of the required steps. Currently, as Let’s Encrypt is still in open beta, the entire process of obtaining and installing a certificate is fully automated only on Apache web servers. However, Let’s Encrypt can be used to easily obtain a free SSL certificate, which can be installed manually, regardless of your choice of web server software.<\/p>\n

In this tutorial, we will show you how to use Let’s Encrypt to obtain a free SSL certificate and use it with Nginx on Ubuntu 14.04. We will also show you how to automatically renew your SSL certificate. If you’re running a different web server, simply follow your web server’s documentation to learn how to use the certificate with your setup.<\/p>\n

\"Nginx<\/p>\n

<\/div>\n

Prerequisites<\/h2>\n

Before following this tutorial, you’ll need a few things.<\/p>\n

You should have an Ubuntu 14.04 server with a non-root user who has sudo<\/code> privileges. You can learn how to set up such a user account by following steps 1-3 in our initial server setup for Ubuntu 14.04 tutorial<\/a>.<\/p>\n

You must own or control the registered domain name that you wish to use the certificate with. If you do not already have a registered domain name, you may register one with one of the many domain name registrars out there (e.g. Namecheap, GoDaddy, etc.).<\/p>\n

If you haven’t already, be sure to create an A Record<\/strong> that points your domain to the public IP address of your server. This is required because of how Let’s Encrypt validates that you own the domain it is issuing a certificate for. For example, if you want to obtain a certificate for example.com<\/code>, that domain must resolve to your server for the validation process to work. Our setup will use example.com<\/code> and www.example.com<\/code> as the domain names, so both DNS records are required<\/strong>.<\/p>\n

Once you have all of the prerequisites out of the way, let’s move on to installing the Let’s Encrypt client software.<\/p>\n

<\/div>\n

Step 1 \u2014 Install Let’s Encrypt Client<\/h2>\n

The first step to using Let’s Encrypt to obtain an SSL certificate is to install the letsencrypt<\/code> software on your server. Currently, the best way to install Let’s Encrypt is to simply clone it from the official GitHub repository. In the future, it will likely be available via a package manager.<\/p>\n

Install Git and bc<\/h3>\n

Let’s install Git and bc now, so we can clone the Let’s Encrypt repository.<\/p>\n

Update your server’s package manager with this command:<\/p>\n