Automate Let’s Encrypt SSL on DEBIAN 11 Nginx
Let’s Encrypt
Let’s Encrypt is a Certificate Authority (CA) that provides an easy way to obtain and install free TLS/SSL certificates, thereby enabling encrypted HTTPS on web servers. It simplifies the process by providing a software client, Certbot, that attempts to automate most (if not all) of the required steps.
Install (Debian 11)
Install Certbot and its Nginx plugin:
sudo apt install certbot python3-certbot-nginx
Find the existing server_name line in your Nginx configuration file. It should look like this:
server_name vicente-munoz.cl;
server_name www.vicente-munoz.cl;
Reload Nginx to apply the configuration:
sudo systemctl reload nginx
Certbot provides a variety of ways to obtain SSL certificates through plugins. The Nginx plugin will take care of reconfiguring Nginx and reloading the config whenever necessary. To use this plugin, type the following:
sudo certbot --nginx -d vicente-munoz.cl -d www.vicente-munoz.cl
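A pre-flight check for the steps above, as an added example that is not part of the original post: Certbot's Nginx plugin finds the server block to edit by its server_name, so this lists any requested domain that no server_name directive names. The function names and the sample config are constructed for illustration, and only literal names are compared.

```shell
#!/bin/sh
# Added example: pre-flight check before `certbot --nginx -d ...`.
# Assumption: the caller passes the path of the site config; wildcard and
# regex server_name values are not expanded, only literal names are compared.

# Print every name found in server_name directives, one per line.
list_server_names() {
    # Drop comments, then put each directive on its own line.
    sed 's/#.*$//' "$1" | tr ';{}' '\n\n\n' |
        awk '$1 == "server_name" { for (i = 2; i <= NF; i++) print $i }' |
        sort -u
}

# Print each requested domain that has no exact server_name match.
missing_domains() {
    conf=$1
    shift
    names=$(list_server_names "$conf")
    for d in "$@"; do
        printf '%s\n' "$names" | grep -qxF -e "$d" || printf '%s\n' "$d"
    done
}

# Constructed sample: the www name is commented out, so no server block
# declares it.
demo_conf() {
    cat <<'EOF'
server {
    listen 80;
    server_name vicente-munoz.cl;
    # server_name www.vicente-munoz.cl;
    location / { proxy_pass http://127.0.0.1:85; }
}
EOF
}

tmp=$(mktemp)
demo_conf > "$tmp"
missing=$(missing_domains "$tmp" vicente-munoz.cl www.vicente-munoz.cl)
rm -f "$tmp"
if [ -n "$missing" ]; then
    echo "no server_name for: $missing"
fi
```

Run it against the real site file with the same names you intend to pass to -d; empty output means every name is declared.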
Final nginx config:
server {
    client_max_body_size 64M;
    server_name vicente-munoz.cl;
    server_name www.vicente-munoz.cl;

    location / {
        proxy_pass http://127.0.0.1:85;
        proxy_read_timeout 60;
        proxy_connect_timeout 60;
        proxy_redirect off;
        proxy_buffering off;

        # Allow the use of websockets
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/vicente-munoz.cl/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/vicente-munoz.cl/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    if ($host = www.vicente-munoz.cl) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    if ($host = vicente-munoz.cl) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    server_name vicente-munoz.cl;
    server_name www.vicente-munoz.cl;
    return 404; # managed by Certbot
}