DO Let's encrypt certificate + nginx

Posted on December 26, 2019

Hi,

I just generated certificate (Security->Add Certificate) for a domain. But what should I do next? I have Nginx server running on Ubuntu. I need to configure 443 port for Nginx, but this requires to set a path to certificates (pem). There are tons of Certbot tutorials, but I assume it’s not needed and certificate is managed by DigitalOcean.

Thanks for any help!

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

lequal

December 26, 2019

Thanks for quick answer. Does it mean I actually need to install certbot? By the way “sudo apt-get mod_ssl” throws an error.

“touch server.crt /etc/nginx/ssl” didn’t create any .crt file

“Once you have created the files, paste the information into them” - paste information from where?

Thanks

KFSys

December 26, 2019

Hi @lequal,

You are correct, DigitalOcean has articles on how to enable Let’s Encrypt on Nginx with Certbot. I would recommend reading and using them as everything is automatically created in your nginx configuration. Here is an article about that : https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-18-04

If you however want to do this manually, you can follow these steps

**1. Log into the server using SSH. **

ssh root@YourDropletIp

2. Check the OpenSSL client software.

sudo apt-get mod_ssl openssl

3. Make a directory to store the server key and certificate.

$ sudo mkdir mkdir /etc/nginx/ssl

4. Copy the SSL certificate file and server key.

$ touch server.crt /etc/nginx/ssl
$ touch server.key /etc/nginx/ssl

Once you have created the files, paste the information into them

nano /etc/nginx/ssl/server.crt
nano /etc/nginx/ssl/server.key

5. Edit the ssl.conf

$ sudo nano /etc/nginx/sites-available/default/your_very_own_domain.com

Once open, the file can be edited so that it points to the correct files in the Web server. It will look something like:

server {
listen  80;
listen 443 ssl;

ssl on;
ssl_certificate /etc/ssl/your_domain_name.pem; 
ssl_certificate_key /etc/ssl/your_domain_name.key;

server_name your_very_own_domain.com;
access_log /var/log/nginx/nginx.vhost.access.log;
error_log /var/log/nginx/nginx.vhost.error.log;
location / {
root /home/www/public_html/your_very_own_domain.com/public/;
index index.html;
}
}

6.Restart Nginx