How To Secure Nginx with Let's Encrypt on for a subdomain

November 10, 2018 7.6k views
DNS Ubuntu 18.04

I have followed this tutorial to secure nginx with lets encrypt for this domain and sub domain example.com and www.example.com (my domain instead of example)

Now I have another sub domain something.example.com, it's pointing to my VPS and I created an ngnix server block to serve static content for it. Now how do I use python-certbot-nginx package to secure the new sub domain?

3 Answers

Hi !
If you have create your vhost to your subdomain, you have just to do this command :

Install Certbot :

sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
./letsencrypt-auto certonly --standalone

Certificate your subdomain :

sudo ./certbot-auto certonly --standalone -d sub.domain.com

It works fine for me. Don't forget to restart nginx :

service nginx reload
  • Is there a way to do it with python-certbot-nginx package?

    • I suppose you have a Debian 9 machine,
      So you can do this :

      sudo certbot -a dns-plugin -i nginx -d sub.domain.com --server https://acme-v02.api.letsencrypt.org/directory
      

      Other way, you can follow this helper :
      https://certbot.eff.org/lets-encrypt/debianstretch-nginx

      • No I'm on I'm on Ubuntu 18.04

        This is the command I used to setup setup SSL certificate for the other domain

        sudo certbot --nginx -d example.com -d www.example.com

        The problem is I'm kind of scared of trial and error now because the server is serving around 500 concurrent users so I don't want to cause any problem that would lead to a down time.

        • Ubuntu and Debian are about the same.

          The creation of a SSL certificate doesn't give any problems for all of your users.

          The root path of your website don't change, Certbot add new lines automaticly in your .conf file.

          When I dev an Angular app, the only way who gives me a down time is when I rebuild my project, but when I created a SSL certificate, it doesn't affect my website accessibility.

          • Thank you, I ran this command for the new sub domain and it worked

            sudo certbot --nginx -d sub.domain.com

Hey, I discovered that there is a handy certbot cli command (works on ubuntu 16.04)
simply type:

certbot

Gives you something like that:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: [editted]
2: [editted]
3: [editted]
4: [editted]
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):

Guys I can't access my subdomain on http, its shows on https. Here are my nginx config.

listen 80 default_server;
Have another answer? Share your knowledge.