Install Certbot, Auto HTTPS

Install Certbot

sudo yum update
sudo yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
sudo yum-config-manager --enable epel
sudo yum install certbot python-certbot-nginx
certbot --version

Generate Certificate for your domain(s)

sudo certbot --nginx -d example.com -d www.example.com

When running the command, you will be prompted to enter an email address and agree to the terms of service. After doing so, you should see a message telling you the process was successful and where your certificates are stored:

    IMPORTANT NOTES:
    Successfully received certificate.
    Certificate is saved at: /etc/letsencrypt/live/your_domain/fullchain.pem
    Key is saved at: /etc/letsencrypt/live/your_domain/privkey.pem
    This certificate expires on 2022-02-10.
    These files will be updated when the certificate renews.
    Certbot has set up a scheduled task to automatically renew this certificate in the background.

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    If you like Certbot, please consider supporting our work by:
     * Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
     * Donating to EFF: https://eff.org/donate-le

Enable Automatic Renewal

Use the following command to test renewing the certs:

sudo certbot renew --dry-run

Your configuration file in /etc/nginx/sites-available/lightsail.wildebeastmedia.com will look like this. Certbot makes these changes itself; you do not need to edit the file manually.

server {

    root /var/www/lightsail.wildebeastmedia.com/html;
    index index.html index.htm;

    server_name lightsail.wildebeastmedia.com;

    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/lightsail.wildebeastmedia.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/lightsail.wildebeastmedia.com/privkey.pem; # managed by Certbot

    location / {
        try_files $uri $uri/ =404;
    }

    # Redirect non-https traffic to https
    if ($scheme != "https") {
        return 301 https://$host$request_uri;
    }

}
server {
    # Plain-HTTP requests for this host are redirected to HTTPS
    if ($host = lightsail.wildebeastmedia.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    listen [::]:80;

    server_name lightsail.wildebeastmedia.com;
    return 404; # managed by Certbot

}
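
To confirm that renewal is actually keeping the certificate fresh, the following added example (not part of the original page) uses `openssl` to check that `fullchain.pem` has enough validity left and that `privkey.pem` still matches it. The script name `check_cert.sh`, the function names and the 30-day default threshold are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): check a Certbot lineage after renewal.
# Usage: sh check_cert.sh /etc/letsencrypt/live/your_domain [min_days]
# check_cert.sh, the function names and the 30-day default are assumptions.

# Return 0 if CERT stays valid for MIN_DAYS more days, 1 if it expires
# sooner (or already has), 2 if the file is missing or not a certificate.
cert_days_ok() {
    cert=$1
    min_days=${2:-30}
    # With fullchain.pem, openssl reads the first (leaf) certificate.
    openssl x509 -in "$cert" -noout >/dev/null 2>&1 || return 2
    # -checkend N exits 0 only if the cert is still valid N seconds from now.
    openssl x509 -in "$cert" -noout -checkend "$((min_days * 86400))" \
        >/dev/null 2>&1 || return 1
    return 0
}

# Return 0 if the public key in CERT equals the one derived from KEY.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Check the fullchain.pem / privkey.pem pair in one live/ directory.
check_lineage() {
    dir=$1
    days=${2:-30}
    bad=0
    cert_days_ok "$dir/fullchain.pem" "$days" || {
        echo "WARN: $dir/fullchain.pem unreadable or expires within $days days" >&2
        bad=1
    }
    key_matches_cert "$dir/fullchain.pem" "$dir/privkey.pem" || {
        echo "WARN: $dir/privkey.pem does not match fullchain.pem" >&2
        bad=1
    }
    return "$bad"
}

# Run only when a directory argument is given, so the file can also be sourced.
if [ $# -ge 1 ]; then
    check_lineage "$@"
    exit $?
fi
```

Run it with sudo so it can read `privkey.pem`; the non-zero exit status on a stale or mismatched certificate makes it suitable for a cron job or monitoring check.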
