Adding an SSL certificate to your server and setting up automatic renewal can seem daunting, but it’s a crucial step for securing your website. In this post, we’ll walk through the steps to add a free SSL certificate using Let’s Encrypt and automate its renewal on your Nginx server.
Step 1: Install Certbot
Certbot is a tool that automates the process of obtaining and renewing SSL certificates from Let’s Encrypt. Connect to your server, then install Certbot and its Nginx plugin:
ssh your_username@your_server_ip
apt update
apt install certbot python3-certbot-nginx
Step 2: Obtain an SSL Certificate
Run Certbot to obtain and install the SSL certificate for your domain:
certbot --nginx
Follow the prompts to enter your email address and agree to the terms of service. Certbot will automatically obtain and install the SSL certificate.
Step 3: Verify the SSL Certificate
Check the status of Nginx and visit your website using https://your_domain to verify that the SSL certificate is working.
systemctl status nginx
Step 4: Automate SSL Certificate Renewal
Let’s Encrypt certificates are valid for 90 days, so it’s important to set up automatic renewal. Open the crontab for editing:
crontab -e
Add the following line to the crontab file to run the renewal twice a day:
0 0,12 * * * /usr/bin/certbot renew --quiet
Step 5: Reload Nginx to Apply Renewed Certificates
Create a post-renewal hook to reload Nginx after renewal:
nano /etc/letsencrypt/renewal-hooks/deploy/reload-nginx.sh
Add the following content to the file:
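#!/bin/bash
# /etc/letsencrypt/renewal-hooks/deploy/reload-nginx.sh
# The shebang must be the first line of the file.
# Reload Nginx so it picks up the renewed certificate.
systemctl reload nginx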
Make the script executable:
chmod +x /etc/letsencrypt/renewal-hooks/deploy/reload-nginx.sh
Step 6: Test the Renewal Process
Manually run the renewal command to ensure everything is set up correctly:
certbot renew --dry-run
This will simulate the renewal process without making any actual changes, allowing you to verify that everything is working as expected.
Tips for a Successful SSL Setup
– Keep detailed documentation of your setup process for future reference.
– Regularly monitor your SSL certificate status to ensure it remains valid.
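One way to do that monitoring is sketched below as an added example (it is not part of the original post). It assumes GNU date and the openssl CLI; the function names, status strings and the 30-day threshold are illustrative choices.

```sh
#!/bin/sh
# Added example: report how close the served certificate is to expiry.
# Assumptions: GNU date, openssl CLI, Nginx serving TLS on port 443.
WARN_DAYS=30  # assumed alert threshold: a 90-day certificate this close
              # to expiry means automatic renewal is not working

# cert_status NOT_AFTER [NOW_EPOCH]
# NOT_AFTER is the date string printed by `openssl x509 -enddate`.
# Prints a status line; returns 0 ok, 1 renewal overdue, 2 expired, 3 unreadable.
cert_status() {
    cs_now=${2:-$(date +%s)}
    # Reject an empty string explicitly: GNU date parses "" as today.
    [ -n "$1" ] || { echo "UNREADABLE"; return 3; }
    cs_end=$(date -u -d "$1" +%s 2>/dev/null) || { echo "UNREADABLE"; return 3; }
    cs_left=$((cs_end - cs_now))
    if [ "$cs_left" -le 0 ]; then
        echo "EXPIRED"; return 2
    elif [ "$cs_left" -lt $((WARN_DAYS * 86400)) ]; then
        echo "RENEWAL_OVERDUE $((cs_left / 86400))d"; return 1
    fi
    echo "OK $((cs_left / 86400))d"
}

# served_not_after DOMAIN: expiry of the certificate Nginx is actually serving.
# Reading it over TLS (not from /etc/letsencrypt) also catches a renewed
# certificate that was never loaded because the reload hook did not run.
served_not_after() {
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -enddate 2>/dev/null | sed 's/^notAfter=//'
}

# Usage: ./check-cert.sh your_domain  (exit status is the result, for cron or monitoring)
if [ $# -gt 0 ]; then
    cert_status "$(served_not_after "$1")"
fi
```
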
By following these steps, you can ensure that your website remains secure and your SSL certificate is always up to date.