For the websites that run on HTTP (80) that are not secure we need to install a signed SSL certificate in order to route the clients to HTTPS (443).
In most websites you will see a little lock next to the website name (before the beginning). So we will do this using a service called Lets Encrypt.
Lets Encrypt is a certificate authority that lets anyone obtain, renew, and manage certificate for their website. They are non-profit and provide this for free. So let's get started and install SSL certificate a website running on Ubuntu.
To follow along you can either ssh into your server or actually log into your server.
First let's make sure our server is up-to-date.
sudo apt-get update
Put in your sudo password (if asked).
This will take a little bit of time if you haven't updated your Ubuntu in a while. Otherwise it should be pretty quick.
Now let's install one more software package that is required:
sudo apt-get install software-properties-common
After this we need to add two repositories into our systems repository database:
sudo add-apt-repository universe sudo add-apt-repository ppa:certbot/certbot
The last one will ask you to hit "Enter" to continue. So hit "Enter" to continue.
After we have added these repositories we need to update our system one more time.
sudo apt-get update
Finally let's install the certbot for nginx:
sudo apt-get install certbot python-certbot-nginx
This will also ask you if you want to continue, so just hit "Enter".
In our case we are just downloading and signing the certificate and make the changes to our nginx server in the next post.Now in order to install the certificate you need to run the certbot command:
sudo certbot certonly --nginx
This will ask you a couple of questions. First it will ask us our e-mail address. So put in your e-mail address. Next it will ask us if we agree to the terms of service so let's type 'A' and hit 'return' to agree. Next it will ask if we want to share our e-mail address. I will just enter No for this one. Lastly it will ask you for which website you want to install the certificate for. I get only one option so I'll type '1' and hit 'return'.
Note: It is assumed that you have your website running on this Ubuntu server and nginx is installed and configured. With nginx configured I mean it has your website under:
And you have a soft link created for your website under:
If you don't understand this, please jump to the post that talks about configuring nginx.
Coming back to the topic, you should get two files after running the certbot command. One should be *fullchain.pem (* = anything before the word fullchain). Second one should be *-privkey.pem.
In the next post we will talk about how we can configure nginx to redirect our HTTP (80) traffic to HTTPS (443) by using these two files we received by installing SSL certificate using certbot.