How to Install Let’s Encrypt SSL Certificate for Nginx on Debian 11

0

Let’s Encrypt is a certificates authority that gives unfastened SSL certificate for internet sites. However, it no longer best gives SSL certificate; it additionally automates certificates advent, validation, signing, implementation, and renewal of certificate.

Let’s Encrypt is the sector’s biggest certificates authority, utilized by greater than 250 million internet sites. It used to be introduced in November 2014 with the function of all internet sites being safe and the usage of HTTPS.

Currently, Let’s Encrypt helps auto set up of certificate on Apache, Nginx, Plex, and Haproxy.

Here, we will be able to see find out how to set up Let’s Encrypt SSL Certificate for Nginx on Debian 11.

Prerequisites

I like to recommend you place up the set up Nginx information superhighway server for your gadget earlier than you continue additional.

READ: How to Install LEMP Stack on Debian 11

Create Virtualhost

First, we will be able to wish to create an Nginx digital host to serve the HTTP model of your web page.

sudo nano /and so forth/nginx/conf.d/www.holhol24.internet.conf

Use the underneath configuration on your web page. Do take into account to modify the values in line with your requirement.

server {
   server_name www.holhol24.internet;
   root /usr/percentage/nginx/www.holhol24.internet/;

   location / {
       index index.html index.htm index.php;
   }

   access_log /var/log/nginx/www.holhol24.internet.get admission to.log;
   error_log /var/log/nginx/www.holhol24.internet.error.log;

   location ~ .php$ {
      come with fastcgi_params;
      fastcgi_intercept_errors on;
      fastcgi_pass unix:/run/php/php7.4-fpm.sock;
      fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
   }
}

Once you might have created the digital host configuration document, create a root listing to carry your web page’s information.

sudo mkdir -p /usr/percentage/nginx/www.holhol24.internet/

Then, exchange the possession and team of the listing.

sudo chown -R www-data:www-data /usr/percentage/nginx/www.holhol24.internet/

Finally, position the check HTML document at the file root of your area.

echo "This is a test site @ www.holhol24.net" | sudo tee /usr/percentage/nginx/www.holhol24.internet/index.html

Now, it is very important restart the Nginx carrier to re-read the configurations.

sudo systemctl restart nginx

Create / Update DNS Record

To generate the Let’s Encrypt SSL certificates on your area, it is very important level your area on your server IP. So, move on your area registrar and create an A/CNAME document on your area. For instance, the underneath symbol displays the A/CNAME document for the area www.holhol24.internet.

DNS data adjustments will take time to propagate. So, look ahead to couple of minutes to hours is dependent upon the TTL you place for the DNS document.

DNS Records

Install Let’s Encrypt SSL Certificate For Nginx

Install Certbot

In addition to pointing a site on your server IP, you’re going to additionally wish to set up the Certbot ACME consumer for your gadget. The Certbot consumer handles certificates issuance and set up with out a downtime.

Certbot is now to be had as a snap package deal for Debian working gadget. So, first, set up the Snapd package deal.

sudo apt replace

sudo apt set up -y snapd

Then, replace the snapd to the most recent model.

sudo snap set up core; sudo snap refresh core

Finally, set up the Certbot consumer the usage of the snap command.

sudo snap set up --classic certbot

sudo ln -s /snap/bin/certbot /usr/bin/certbot

Install Let’s Encrypt Certificate

Use the certbot command to create a Let’s Encrypt certificates and configure Nginx to make use of the certificates.

sudo certbot --nginx

Follow the interactive steered and set up the certificates.

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter electronic mail deal with (used for pressing renewal and safety notices)
 (Enter 'c' to cancel): admin@holhol24.native 

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please learn the Terms of Service at
https://letsencrypt.org/paperwork/LE-SA-v1.2-November-15-2017.pdf. You should
agree with the intention to sign in with the ACME server. Do you settle?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y  

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be prepared, as soon as your first certificates is effectively issued, to
percentage your electronic mail deal with with the Electronic Frontier Foundation, a founding
spouse of the Let's Encrypt mission and the non-profit group that
develops Certbot? We'd love to ship you electronic mail about our paintings encrypting the information superhighway,
EFF information, campaigns, and techniques to beef up virtual freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: N 
Account registered.

Which names do you want to turn on HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: www.holhol24.internet
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the best numbers separated via commas and/or areas, or depart enter
clean to choose all choices proven (Enter 'c' to cancel): 1 
Requesting a certificates for www.holhol24.internet

Successfully gained certificates.
Certificate is stored at: /and so forth/letsencrypt/are living/www.holhol24.internet/fullchain.pem
Key is stored at:         /and so forth/letsencrypt/are living/www.holhol24.internet/privkey.pem
This certificates expires on 2022-01-17.
These information will likely be up to date when the certificates renews.
Certbot has arrange a scheduled job to routinely renew this certificates within the background.

Deploying certificates
Successfully deployed certificates for www.holhol24.internet to /and so forth/nginx/conf.d/www.holhol24.internet.conf
Congratulations! You have effectively enabled HTTPS on https://www.holhol24.internet

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you prefer Certbot, please believe supporting our paintings via:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Redirect non-www HTTP requests to www HTTPS with Nginx (non-compulsory)

You might love to configure the Nginx server to redirect the site visitors from the non-www HTTP website to the WWW HTTPS website, I.e., http://holhol24.internet >> https://www.holhol24.internet.

sudo nano /and so forth/nginx/conf.d/www.holhol24.internet.conf

Add the underneath data on the finish of the document.

# Redirect NON-WWW HTTP to WWW HTTPS

server {
    if ($host = holhol24.internet) {
        go back 301 https://www.holhol24.internet$request_uri;
    }


   server_name holhol24.internet;
    pay attention 80;
    go back 404;

}

Then, restart the Nginx carrier.

sudo systemctl restart nginx

Verify Let’s Encrypt Certificate

You can test the Let’s Encrypt certificates via visiting your web page.

http://your-http-web-site

OR

https://your-https-web-site

You will have to get the HTTPS model of your website now.

Let’s Encrypt SSL Certificate with Nginx on Debian 11
Let’s Encrypt SSL Certificate with Nginx on Debian 11

Test SSL Certificate

Test your Let’s Encrypt SSL certificates for any problems and its safety scores via going to the underneath URL.

https://www.ssllabs.com/ssltest/analyze.html?d=www.holhol24.internet

Renew Let’s Encrypt Certificate

Let’s Encrypt certificate have a validity of 90 days, and it’s extremely really helpful to resume the certificate earlier than they expire. Thanks to the systemd carrier, which runs two times an afternoon and routinely renews certificate which can be about to run out.

But, I like to recommend you run the underneath command to simulate the automated renewal of your certificates.

sudo certbot renew --dry-run

Output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /and so forth/letsencrypt/renewal/www.holhol24.internet.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Account registered.
Simulating renewal of an present certificates for www.holhol24.internet

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations, all simulated renewals succeeded: 
  /and so forth/letsencrypt/are living/www.holhol24.internet/fullchain.pem (luck)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

If the output confirms that the renewal is operating as it should be, the automated renewal will occur as anticipated.

Conclusion

That’s All. I’m hoping you discovered find out how to Install Let’s Encrypt SSL Certificate for Nginx on Debian 11. Share your comments within the feedback phase.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More