HTTPS with Certbot (LetsEncrypt)
About
When the internet first started, all websites ran over insecure HTTP on port 80. This caused quite a few issues: when a packet containing sensitive information was sent to a server, an outside attacker could listen in and take that data. HTTPS uses an encrypted protocol called SSL (since succeeded by TLS) to encrypt data being sent. You can watch this video for more information on the subject.
By default, Nginx runs on port 80, which is insecure HTTP; this should be fixed before making the site public. To enable HTTPS, every site needs its own certificate. Certificates can be very hard and tedious to create manually, which is why we use the free program Certbot! Certbot provides a very simple way to create and apply these certificates to ensure a secure connection.
Pre-requisites
- Linux Ubuntu
- Working Nginx Webserver
- Running server block/website on Port 80 (HTTP)
- Sudo privileges
Installation
To begin, verify that the website you'd like to serve over HTTPS is valid and up on the World Wide Web. This just means having a working Nginx domain set up. You can view how to add a new Nginx Domain/Subdomain here.
To install Certbot, run the commands sudo apt-get install certbot and sudo apt-get install python-certbot-nginx, which install Certbot for our specific server setup. Once this is done, you will be able to create an HTTPS certificate for any running website.
Creating an Nginx HTTPS Certificate
To create a new HTTPS certificate, you may run sudo certbot. This command will bring up a numbered list of all of the available domains on the webserver. Choose a number and it will install the certificate. It is as simple as that!
Another way to install a certificate is to run sudo certbot --nginx -d domain.com, where domain.com is the name of the domain that you want to add.
Verification
To verify that the HTTPS domain is valid, run sudo nginx -t to check for any server config file errors. If that test returns successful, navigate to the website in your web browser of choice (Google Chrome), and check for the little lock next to the name of the website. If that has appeared, you have successfully installed Certbot onto that domain.
Removing an Nginx HTTPS Certificate
To remove a certificate from a domain, run the command sudo certbot delete. Like the command to create a certificate, this will bring up a numbered list of all of the certificates available. Enter the number of the certificate and it will be removed. It's that simple.
Verification
To verify you didn't break everything like I (Luke) have done multiple times, you will run sudo nginx -t. If this test returns successful, you may navigate to your web browser of choice (Google Chrome), and check next to the URL for a sign that says "Not Secure". This will complete the deletion of a certificate.
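An added example, not part of the original page: nginx -t fails when a server block still references certificate files that are no longer on disk, which is an easy way to break a site after sudo certbot delete. This shell function lists such references; the sample config, example.com and the /etc/letsencrypt/live paths are constructed assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): report certificate files that an
# Nginx config references but that are missing on disk.

# Constructed sample: a server block of the kind Certbot's nginx plugin writes.
# example.com and the /etc/letsencrypt/live layout are assumptions.
sample_conf() {
    cat <<'EOF'
server {
    listen 443 ssl; # managed by Certbot
    server_name example.com;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
}
EOF
}

# missing_cert_paths CONF [ROOT]
#   CONF  Nginx config file to scan
#   ROOT  optional prefix for every path, so the check can run against a copy
# Prints each referenced-but-missing file; returns 1 if there is at least one.
missing_cert_paths() {
    conf=$1
    root=${2:-}
    missing=0
    # Field 1 is the directive name, so commented-out lines never match.
    for path in $(awk '$1 == "ssl_certificate" || $1 == "ssl_certificate_key" {
                           sub(/;.*/, "", $2); print $2 }' "$conf"); do
        if [ ! -e "$root$path" ]; then
            echo "$path"
            missing=1
        fi
    done
    return "$missing"
}

# Demo on a throwaway directory: only fullchain.pem exists, so privkey.pem is reported.
demo=$(mktemp -d)
sample_conf > "$demo/site.conf"
mkdir -p "$demo/etc/letsencrypt/live/example.com"
touch "$demo/etc/letsencrypt/live/example.com/fullchain.pem"
missing_cert_paths "$demo/site.conf" "$demo" || echo "^ missing: nginx -t will fail until these lines are fixed or removed"
rm -rf "$demo"
```

On a real server, pass the site's config file and omit ROOT so the paths are checked where Nginx will look for them.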
Notes
Note: It could possibly take up to 24-72 hours for it to be enabled, although at the time of writing the changes propagated almost immediately.
Extra Note: All Certbot certificates should auto-renew every 90 days.