TecNStuff

Secure Nginx with Let’s Encrypt on Debian 10

Written by Admin, Updated On May 22, 2020
debian, let's encrypt, nginx, ssl

Let’s Encrypt is a free Certificate Authority (CA). It provides a simple way to obtain, install and renew free TLS/SSL certificates. This guide will help you obtain and install a free SSL certificate and secure Nginx with Let’s Encrypt on Debian 10 Buster.

It is recommended to use a separate Nginx server block file instead of the default file. In this tutorial, we will create new Nginx server block files for each domain. This avoids common mistakes and keeps the default files as a fallback configuration.

Prerequisites

  • You are logged in to the Debian server as a non-root user with sudo privileges.
  • Your domain name should point to your server IP address.
  • Nginx installed and configured as described in How To Install Nginx on Debian 10.
  • You have an Nginx server block for your domain, as shown in this tutorial.

Install Let’s Encrypt on Debian

This section describes the steps to use the Certbot tool to obtain a free SSL certificate for Nginx on Debian 10 Buster. Nowadays, certificates issued by Let’s Encrypt are trusted by almost all browsers.

Install Certbot Client

With the Certbot client package, you can easily obtain, install and renew Let’s Encrypt SSL certificates. It can also configure web servers to use the SSL certificates. The certbot package is included in the default Debian repositories.

First, update the package list:

sudo apt update

Next, install the dependencies of the python3-certbot-nginx package by executing the command below:

sudo apt install python3-acme python3-certbot python3-mock python3-openssl python3-pkg-resources python3-pyparsing python3-zope.interface

Now install the Certbot client by executing the following command:

sudo apt install certbot python3-certbot-nginx

You can verify that certbot was installed successfully by typing:

certbot --version

Adjust Firewall

If the UFW firewall is enabled on the server, you need to adjust it to allow HTTPS traffic.

You can see the current setting by typing:

sudo ufw status
Status: active
To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere                  
Nginx HTTP                 ALLOW       Anywhere                  
OpenSSH (v6)               ALLOW       Anywhere (v6)             
Nginx HTTP (v6)            ALLOW       Anywhere (v6)

To let in HTTPS traffic, you need to allow the Nginx Full profile and delete the redundant Nginx HTTP profile allowance:

sudo ufw allow 'Nginx Full'
sudo ufw delete allow 'Nginx HTTP'

The status should now look like this:

Status: active
To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere                  
Nginx Full                 ALLOW       Anywhere                  
OpenSSH (v6)               ALLOW       Anywhere (v6)             
Nginx Full (v6)            ALLOW       Anywhere (v6)

Obtaining an SSL Certificate

Certbot can obtain SSL certificates in several ways, through plugins. Here, we will use the certbot client with its Nginx plugin to obtain an SSL certificate:

sudo certbot --nginx -d example.com -d www.example.com

The above command requests a certificate for the example.com and www.example.com domains. If you are installing a certificate for the first time, it will ask you to enter an email address and agree to the terms and conditions. The email address you enter will be used for sending email alerts related to SSL renewal and expiration.

Next, if validation succeeds, it will ask you to configure the HTTPS settings:

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
-------------------------------------------------------------------------------
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):

Select your choice and press Enter to continue. Your Nginx server block will be updated based on the selected option, and Nginx will be reloaded so that the new settings take effect.

Finally, your domain is secured with a Let’s Encrypt SSL certificate. You can verify this by visiting your site over HTTPS.

Auto Renew Let’s Encrypt SSL certificate

Let’s Encrypt SSL certificates have a short lifetime of 90 days, so you need to renew them before they expire. You can renew an SSL certificate before it expires by typing:

sudo certbot renew

You can set up automatic renewal of Let’s Encrypt SSL certificates by adding a cron job. Run the following command to open the crontab:

sudo crontab -e

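Next, append the line below at the end of the file. It runs twice a day, waits a random delay of up to 12 hours, and renews the certificate if it is about to expire. The ! -d /run/systemd/system test skips the job on hosts booted with systemd, where the certbot.timer unit installed with Debian's certbot package handles renewal instead.

0 */12 * * * test -x /usr/bin/certbot -a ! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew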

Save and close the file.

You can also verify the certbot auto-renewal process by typing:

sudo certbot renew --dry-run
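
A dry run only proves that renewal can work today; a renewal that later fails silently shows up only when the certificate expires. The script below is an added example, not part of the original tutorial or of Certbot: it reads a certificate's expiry date and reports WARN when fewer days remain than automatic renewal should ever allow. Certbot renews once a certificate is within 30 days of expiry, so the 20-day threshold, the function names and the sample date are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: flag a certificate that automatic renewal has failed to renew.
# Requires GNU date (Debian's default) and, for real files, openssl.

# seconds_left NOTAFTER NOW_EPOCH
# NOTAFTER is the line printed by `openssl x509 -noout -enddate`.
seconds_left() {
    not_after=${1#notAfter=}
    expiry=$(date -u -d "$not_after" +%s) || return 2
    echo $(( expiry - $2 ))
}

# cert_days_left NOTAFTER NOW_EPOCH -> whole days remaining (0 if under a day)
cert_days_left() {
    secs=$(seconds_left "$1" "$2") || return 2
    echo $(( secs / 86400 ))
}

# cert_status NOTAFTER NOW_EPOCH [WARN_DAYS] -> OK, WARN or EXPIRED
cert_status() {
    secs=$(seconds_left "$1" "$2") || { echo UNKNOWN; return 2; }
    warn_days=${3:-20}   # assumed threshold, below certbot's 30-day renewal window
    if [ "$secs" -le 0 ]; then
        echo EXPIRED
    elif [ "$secs" -lt $(( warn_days * 86400 )) ]; then
        echo WARN
    else
        echo OK
    fi
}

# check_cert_file PEM_PATH [WARN_DAYS]: the same check for a certificate on disk
check_cert_file() {
    end_line=$(openssl x509 -noout -enddate -in "$1") || { echo UNKNOWN; return 2; }
    cert_status "$end_line" "$(date +%s)" "${2:-20}"
}

# Constructed sample: a 90-day certificate issued on May 22, 2020.
SAMPLE_NOT_AFTER='notAfter=Aug 20 00:00:00 2020 GMT'

# Run against a real file when a path is given, for example (script name assumed):
#   sudo sh cert-check.sh /etc/letsencrypt/live/example.com/cert.pem
if [ $# -gt 0 ]; then
    check_cert_file "$@"
fi
```

Run it from a monitoring job separate from the renewal job itself, so that a broken renewal and a broken check do not fail together.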

Conclusion

You have learned how to install the certbot client, obtain a Let’s Encrypt SSL certificate and configure Nginx to use it. Finally, you set up a cron job for automatic certificate renewal. You now know the steps to secure Nginx on Debian 10 Buster.

If you want to know more about how to use Certbot, its documentation is a good starting point.
