How to install an SSL certificate for your website

Why do you need SSL?

Nowadays, more and more attention is paid to internet safety. Because of man-in-the-middle attacks, it is important to install an SSL certificate. Without one, the site is served over HTTP, which transmits your username and password in plaintext. With an SSL certificate the site can use HTTPS, which encrypts your data.

How?

  1. Install the plugin for nginx

    sudo apt install python3-certbot-nginx
  2. Install the certbot program

    sudo apt install certbot
  3. Generate a new SSL certificate for your website.

    Before this, make sure that your website can be accessed via its domain.

    sudo certbot certonly --nginx -d umami.bbb.enterprises

    Then you will see the paths where the certificate and key are stored; copy them.

    The output looks like this:

    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Requesting a certificate for umami.bbb.enterprises

    Successfully received certificate.
    Certificate is saved at: /etc/letsencrypt/live/umami.bbb.enterprises/fullchain.pem
    Key is saved at: /etc/letsencrypt/live/umami.bbb.enterprises/privkey.pem
    This certificate expires on 2023-12-19.
    These files will be updated when the certificate renews.
    Certbot has set up a scheduled task to automatically renew this certificate in the background.

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    If you like Certbot, please consider supporting our work by:
    * Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
    * Donating to EFF: https://eff.org/donate-le
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  4. Edit the nginx config to deploy the SSL certificate

    vim /etc/nginx/sites-available/00-default-ssl.conf # your nginx config file path may differ from mine

    server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        ssl_certificate /etc/letsencrypt/live/umami.bbb.enterprises/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/umami.bbb.enterprises/privkey.pem;
        server_name umami.bbb.enterprises;
        location / {
            proxy_pass http://localhost:3001/;
        }
    }
  5. Restart the nginx service

    sudo service nginx restart
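
Before the restart in step 5, it helps to confirm that the two files referenced in the nginx config belong together, cover the domain, and are not about to expire. The script below is an added example, not part of the original post or of certbot; the function names and the `LIVE_DIR` override are assumptions of this example, and `make_sample` builds constructed test data.

```shell
#!/bin/sh
# Added example: sanity checks on certbot's files before restarting nginx.
# All function names and LIVE_DIR are this example's own, not certbot's.

# Succeeds if the private key ($2) belongs to the certificate ($1).
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Succeeds if the certificate ($1) covers the host name ($2).
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match'
}

# Succeeds if the certificate ($1) is still valid $2 days from now (default 30).
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( ${2:-30} * 86400 )) >/dev/null 2>&1
}

# Run every check for one domain, using the live/<domain>/ layout from step 3.
preflight() {
    dir="${LIVE_DIR:-/etc/letsencrypt/live}/$1"
    cert_matches_key "$dir/fullchain.pem" "$dir/privkey.pem" ||
        { echo "privkey.pem missing or does not match fullchain.pem" >&2; return 1; }
    cert_covers_host "$dir/fullchain.pem" "$1" ||
        { echo "certificate does not cover $1" >&2; return 1; }
    cert_valid_for_days "$dir/fullchain.pem" "${2:-30}" ||
        { echo "certificate expires within ${2:-30} days" >&2; return 1; }
}

# Constructed sample data: a throwaway self-signed pair laid out like live/,
# so the checks can be tried without touching /etc/letsencrypt.
make_sample() {   # make_sample <live_dir> <domain> <days_valid>
    mkdir -p "$1/$2" &&
    openssl req -x509 -newkey rsa:2048 -nodes -days "$3" -subj "/CN=$2" \
        -addext "subjectAltName=DNS:$2" \
        -keyout "$1/$2/privkey.pem" -out "$1/$2/fullchain.pem" 2>/dev/null
}
```

On the server, run it as root (privkey.pem is readable by root only), for example `preflight umami.bbb.enterprises && nginx -t && service nginx restart`; `nginx -t` validates the edited config so a typo does not take the site down on restart.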