generate-ssl

This document provides a step-by-step guide to generate an SSL certificate using Let's Encrypt (Certbot) and configure Nginx for HTTPS on an EC2 instance. It includes instructions for installing necessary tools, generating the certificate, configuring Nginx, allowing HTTPS traffic, testing the setup, and enabling auto-renewal for the SSL certificate. Following these steps ensures that the website is secured with HTTPS.

Uploaded by

aditya.cloud31

Here’s a complete step-by-step guide to generate an SSL certificate using Let's Encrypt (Certbot) and configure Nginx to use HTTPS on your EC2 instance.

🔹 Step 1: Install Certbot & Nginx Plugin


Certbot is a free tool that automatically generates and renews SSL certificates.

Run the following commands on your EC2 instance:

sudo apt update


sudo apt install certbot python3-certbot-nginx -y

🔹 Step 2: Generate SSL Certificate


Run the following command to generate a Let's Encrypt SSL certificate for your domain:

sudo certbot --nginx -d galambo.com -d www.galambo.com

📌 Explanation:

 -d galambo.com -d www.galambo.com → Specifies the domain names to secure.


 Certbot will automatically configure your Nginx to use HTTPS.
 If prompted, choose option 2 to redirect HTTP to HTTPS automatically.

✅ After Successful Installation, You’ll See:


Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/galambo.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/galambo.com/privkey.pem

🔹 Step 3: Verify Certificate Files


Check if the SSL certificate files exist:

sudo ls /etc/letsencrypt/live/galambo.com/

You should see these files:

cert.pem chain.pem fullchain.pem privkey.pem

🔹 Step 4: Configure Nginx to Use SSL

Cisco Confidential
1. Open the Nginx config file:

sudo nano /etc/nginx/sites-available/glambo

2. Replace the contents with this:

server {
    listen 80;
    server_name galambo.com www.galambo.com;
    return 301 https://$host$request_uri; # Redirect HTTP to HTTPS
}

server {
    listen 443 ssl;
    server_name galambo.com www.galambo.com;

    ssl_certificate /etc/letsencrypt/live/galambo.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/galambo.com/privkey.pem;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;

    location / {
        proxy_pass http://localhost:3000; # Proxy frontend traffic to the React app
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

    location /api/ {
        proxy_pass http://localhost:4000; # Proxy backend API requests
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}

3. Save and exit (CTRL + X, then Y, then ENTER).

🔹 Step 5: Restart Nginx


Run the following command to apply the changes:

sudo nginx -t # Check for syntax errors


sudo systemctl restart nginx # Restart Nginx
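
nginx -t only checks syntax, so a site file can pass it and still serve content over plain HTTP, enable old TLS versions, or point ssl_certificate at cert.pem instead of fullchain.pem. The linter below is an added example, not part of the original guide; the names audit_nginx_tls and sample_weak_site and the example.test sample are constructed for illustration, and it assumes one directive per line.

```shell
# Added example: lint an Nginx site file for the HTTPS settings from this guide.
# Assumes one directive per line. Usage: audit_nginx_tls FILE (or pipe on stdin).
audit_nginx_tls() {
  awk '
    function fail(msg) { print "FAIL: " msg; bad = 1 }
    {
      sub(/#.*/, "")                                   # ignore comments
      if (!in_srv && $1 == "server" && $2 == "{") { in_srv = 1; depth = p80 = p443 = redir = cert = key = 0 }
      if (!in_srv) next
      arg = $2; sub(/;$/, "", arg)
      if ($1 == "listen") { sub(/^.*:/, "", arg); if (arg == "80") p80 = 1; if (arg == "443") p443 = 1 }
      if ($1 == "return" && arg ~ /^30[18]$/ && $3 ~ /^https:/) redir = 1
      if ($1 == "ssl_certificate_key") key = 1
      if ($1 == "ssl_certificate") {                   # cert.pem lacks the intermediate CA
        cert = 1
        if (arg ~ /\/(cert|chain)\.pem$/) fail("ssl_certificate should be fullchain.pem: " arg)
      }
      if ($1 == "ssl_protocols")
        for (i = 2; i <= NF; i++) {
          p = $i; sub(/;$/, "", p)
          if (p != "" && p != "TLSv1.2" && p != "TLSv1.3") fail("ssl_protocols enables " p)
        }
      depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")     # follow nested location blocks
      if (depth == 0) {                                # closing brace of the server block
        if (p80 && !p443 && !redir) fail("port 80 server block does not redirect to https")
        if (p443 && !(cert && key)) fail("port 443 server block lacks certificate or key")
        in_srv = 0
      }
    }
    END { exit bad + 0 }
  ' "${1:--}"
}

# Constructed sample with three of the mistakes the linter reports.
sample_weak_site() {
  cat <<'EOF'
server {
    listen 80;
    location / { proxy_pass http://localhost:3000; }
}
server {
    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/example.test/cert.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.test/privkey.pem;
    ssl_protocols TLSv1 TLSv1.2;
}
EOF
}
sample_weak_site | audit_nginx_tls || true
```

The function returns 0 when it finds nothing to report and 1 otherwise, so it can run between nginx -t and the restart.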

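🔹 Step 6: Allow HTTPS Traffic (Port 443) in Firewall

Ensure your firewall allows HTTPS (port 443) and HTTP (port 80). On EC2, the instance's security group must also allow inbound TCP 80 and 443; ufw controls only the host firewall.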

sudo ufw allow 80


sudo ufw allow 443
sudo ufw reload

🔹 Step 7: Test HTTPS


Now, open your browser and go to:

https://galambo.com

You should see a secure padlock 🔒 in the address bar.

🔹 Step 8: Enable Auto-Renewal for SSL


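Let's Encrypt certificates expire every 90 days. The Certbot package installed in Step 1 schedules renewal automatically (a systemd timer or cron job); confirm that renewal will succeed with a dry run:

sudo certbot renew --dry-run

If the dry run succeeds, Certbot will renew the certificate automatically when needed.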

🚀 Done! Now your website is fully secured with HTTPS on Nginx! 🎉
Let me know if you have any issues! 😊
