How to enable HTTPS with Let’s Encrypt on your Web Server

Roberto Butti
Nov 23, 2017


How to enable HTTPS protocol for free

Today every website should provide pages, assets and APIs via the HTTPS protocol.

To enable the HTTPS protocol on your website, you need to get a certificate from a so-called “Certificate Authority” or CA.

Today, if you want a free certificate you can use a special Certificate Authority like Let’s Encrypt.

If you have a VPS on Digital Ocean, Vultr or some other Cloud infrastructure provider, you can easily follow the next steps.

If you need a VPS (droplet) on Digital Ocean you can use this link to activate your droplet with 10$ of credit (two months for a basic Droplet are free).

I assume that you have a VPS with Ubuntu 17.10 and Nginx as a Web Server. You can also use other GNU/Linux distributions, like older versions of Ubuntu (17.04, 16.10 or 16.04 LTS) or Debian GNU/Linux.

We will go through these steps:

  • install needed tools
  • activate certificate
  • configure Nginx

Install needed tools

You need to access your VPS (or Droplet) where the Nginx Web Server is running. For Ubuntu you need to add this extra APT repository:

sudo add-apt-repository ppa:certbot/certbot

Then you can update your package list and install python-certbot-nginx:

sudo apt-get update
sudo apt-get upgrade
sudo apt-get install software-properties-common
sudo apt-get install python-certbot-nginx

Python Certbot is a set of scripts that automatically obtain a new certificate from Let’s Encrypt and save it to /etc/letsencrypt/live.

Activate the certificate

With all the correct packages installed, you can run the certbot command via sudo to obtain the certificates. You need to launch this command from the machine where the certificate will be installed. Let’s Encrypt will perform some checks by trying to contact your Web Server (at the domain you are requesting the certificate for).

For Nginx, the command is:

sudo certbot --nginx -d example.com -d www.example.com

If you’re having issues with this command, I suggest running certbot in standalone mode: it requests a certificate without installing it automatically, and lets you configure your Web Server manually. Standalone mode starts its own temporary web server to answer the Let’s Encrypt checks, so you need to stop your Nginx process first and then execute the certbot command:

sudo certbot certonly --standalone -d example.com -d www.example.com

This last command will create two keys (one public and one private).

Your certificate and chain will be saved at:
/etc/letsencrypt/live/example.com/fullchain.pem
and your key file will be saved at:
/etc/letsencrypt/live/example.com/privkey.pem

Configure Nginx

You need to create a configuration file for Nginx in which you specify the paths of the keys.

Create a file (with root privileges) named:
/etc/nginx/snippets/letsencrypt.conf

In this file you can define your keys:

ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

In the Nginx virtual host config file:

/etc/nginx/sites-available/example.com

You need to enable SSL and load the conf file with keys, in the server section:

listen 443 ssl default_server;
listen [::]:443 ssl default_server;
include snippets/letsencrypt.conf;

After restarting Nginx, you can now finally access your domain via the HTTPS protocol.
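The restart only succeeds if the files referenced in snippets/letsencrypt.conf belong together. The script below is an added example, not part of the original article: it checks that privkey.pem matches fullchain.pem, that the certificate covers each requested name, and that it is not about to expire. The function names and the 30-day threshold are assumptions; the paths are the article's example.com placeholders, and the openssl command-line tool must be installed.

```shell
#!/bin/sh
# Added example: sanity checks on the files certbot wrote, run before restarting Nginx.
# Function names are illustrative; the live/ path layout is the one shown in the article.

# Succeeds when the leaf certificate (the first one in fullchain.pem) and the
# private key share the same public key.
cert_key_match() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Succeeds when the certificate is valid for host name $2.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match certificate'
}

# Succeeds when the certificate is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Runs every check; $1 names the live/ directory, all arguments are host names.
check_domain() {
    live="/etc/letsencrypt/live/$1"
    rc=0
    cert_key_match "$live/fullchain.pem" "$live/privkey.pem" \
        || { echo "FAIL: privkey.pem does not match fullchain.pem"; rc=1; }
    for host in "$@"; do
        cert_covers_host "$live/fullchain.pem" "$host" \
            || { echo "FAIL: certificate does not cover $host"; rc=1; }
    done
    cert_valid_for_days "$live/fullchain.pem" 30 \
        || { echo "FAIL: certificate expires within 30 days"; rc=1; }
    return "$rc"
}

# Usage (with sudo, like the certbot commands):
#   sudo sh check-cert.sh example.com www.example.com
if [ "$#" -ge 1 ]; then
    check_domain "$@" && echo "OK: certificate files are consistent"
fi
```

Running `sudo nginx -t` afterwards validates the configuration syntax itself before the restart.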
