DEV Community

Tonny Kirwa
Tonny Kirwa

Posted on

Disappoint Hackers - Add SSL Certificates to your Website

To obtain SSL certificates for www.realmigo.tech and realmigo.tech using Let's Encrypt, you can use Certbot. Certbot simplifies the process of obtaining and renewing SSL certificates. Here's a step-by-step guide:

Prerequisites:

  1. Ensure that your domain's DNS records point to the correct IP address.
  2. Make sure that your server is reachable on ports 80 and 443.

Steps:

  1. Install Certbot: Install Certbot on your server. The commands might vary depending on your operating system. For example, on Ubuntu, you can use:
sudo apt update
sudo apt install certbot
sudo apt install python3-certbot-nginx
Enter fullscreen mode Exit fullscreen mode
  1. Obtain SSL Certificates: Run Certbot to obtain SSL certificates for both www.realmigo.tech and realmigo.tech:
sudo certbot certonly --nginx -d realmigo.tech -d www.realmigo.tech
Enter fullscreen mode Exit fullscreen mode

This command will use Certbot in standalone mode and perform the necessary steps to prove domain ownership.

  1. Configure Nginx to Redirect HTTP to HTTPS (Optional but recommended): Create an Nginx configuration file for your application, specifying the SSL certificate paths. Create a new file, for example, /etc/nginx/sites-available/your-app, and add the following content:
   server {
       listen 80;
       server_name realmigo.tech www.realmigo.tech;
       return 301 https://$host$request_uri;
   }

   server {
       listen 443 ssl;
       server_name realmigo.tech www.realmigo.tech;

       ssl_certificate /etc/letsencrypt/live/realmigo.tech/fullchain.pem;
       ssl_certificate_key /etc/letsencrypt/live/realmigo.tech/privkey.pem;

       # Additional SSL configurations go here

       location / {
           proxy_pass http://localhost:your_app_port;
           proxy_http_version 1.1;
           proxy_set_header Upgrade $http_upgrade;
           proxy_set_header Connection 'upgrade';
           proxy_set_header Host $host;
           proxy_cache_bypass $http_upgrade;
       }
   }
Enter fullscreen mode Exit fullscreen mode

Replace your_app_port with the actual port where your application is running.
Create a Symbolic Link:
Create a symbolic link to enable the Nginx site:

sudo ln -s /etc/nginx/sites-available/your-app /etc/nginx/sites-enabled/
Enter fullscreen mode Exit fullscreen mode
  1. Test Nginx Configuration and Restart Nginx: Check the Nginx configuration for syntax errors:
   sudo nginx -t
Enter fullscreen mode Exit fullscreen mode

If there are no errors, restart Nginx:

   sudo service nginx restart
Enter fullscreen mode Exit fullscreen mode
  1. Automatic Renewal: Set up a cron job to automatically renew the Let's Encrypt certificates:
   sudo crontab -e
Enter fullscreen mode Exit fullscreen mode

Add the following line to run the renewal process twice daily:

   0 */12 * * * certbot renew --quiet
Enter fullscreen mode Exit fullscreen mode

Save and exit the editor.

Now, your site should be accessible over HTTPS at https://www.realmigo.tech and https://realmigo.tech. Make sure to customize the Nginx configuration according to your application's needs.

Top comments (0)