Let's Encrypt provides free certificates for transport layer security (TLS) encryption. Certificates can be generated for different web servers.
In this case it was a Spring Boot application running behind Nginx. Following are the steps to generate and install the SSL certificate:
Step 1:
First of all install certbot for Nginx using the following commands:
$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-nginx
Step 2:
We need to ensure that the domain name exists in the Nginx configuration file like below:
server {
server_name <your domain>;
....
}
Step 3:
Once certbot is installed, everything is ready to generate the certificate. The following command is used to generate the certificate for Nginx:
sudo certbot --nginx -d <your domain>
Step 4:
Once we run the above command it will automatically install the certificate in the Nginx configuration file like below:
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/<your-domain>/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/<your-domain>/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
if ($scheme != "https") {
return 301 https://$host$request_uri;
} # managed by Certbot
NB: In this step it will ask for confirmation about forcing HTTPS. If we choose to force HTTPS, it will generate the last 3 lines (the redirect from HTTP to HTTPS).
Step 5:
In our case the Spring Boot application was running on port 8080. So we had to add a proxy_pass to run the Spring Boot application behind Nginx like below:
location / {
proxy_pass http://localhost:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
# try_files $uri $uri/ =404;
# Uncomment to enable naxsi on this location
# include /etc/nginx/naxsi.rules
}
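To confirm that a site config ends up with everything Step 4 and Step 5 rely on (certbot's managed TLS lines, the HTTPS redirect, and the proxy headers), here is a small shell lint. This is an added example, not code from the original post or from certbot; the file names and the two sample configs are constructed for the example. It also checks for an X-Forwarded-Proto header, which is an assumption beyond the steps above: without it the application behind the proxy only sees plain HTTP and may build http:// URLs in its own redirects.

```shell
#!/bin/sh
# Added example, not part of the original post: lint an Nginx site config for
# the directives a TLS-terminating reverse proxy in front of Spring Boot needs
# once certbot has installed the certificate (Step 4) and proxy_pass has been
# added (Step 5). File names and the sample configs below are constructed.

# One extended regex per line; every one must match somewhere in the config.
# X-Forwarded-Proto is an assumption beyond the steps above: without it the
# application only sees plain HTTP from the proxy and can build http:// URLs
# in its own redirects.
REQUIRED_PATTERNS='listen[[:space:]]+443[[:space:]]+ssl
^[[:space:]]*ssl_certificate[[:space:]]
^[[:space:]]*ssl_certificate_key[[:space:]]
options-ssl-nginx\.conf
proxy_pass[[:space:]]+http://localhost:8080
proxy_set_header[[:space:]]+X-Forwarded-For
proxy_set_header[[:space:]]+X-Forwarded-Proto
return[[:space:]]+301[[:space:]]+https://'

# check_tls_proxy_config FILE
# Prints "missing: <pattern>" for each absent directive; exit status 0 only
# when the config is complete (2 if the file cannot be read).
check_tls_proxy_config() {
    file="$1"
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    missing=0
    # The here-document keeps the loop in the current shell, so the counter
    # survives (a pipe into `while` would run it in a subshell).
    while IFS= read -r pattern; do
        [ -n "$pattern" ] || continue
        if ! grep -qE "$pattern" "$file"; then
            echo "missing: $pattern"
            missing=$((missing + 1))
        fi
    done <<EOF
$REQUIRED_PATTERNS
EOF
    [ "$missing" -eq 0 ]
}

# Constructed sample configs written to a scratch directory.
EXAMPLE_DIR="$(mktemp -d)"

# Complete config: certbot's managed lines plus the proxy block.
cat > "$EXAMPLE_DIR/good.conf" <<'EOF'
server {
    server_name example.test;
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.test/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.test/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    if ($scheme != "https") {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    location / {
        proxy_pass http://localhost:8080;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
    }
}
EOF

# Incomplete config: HTTPS was not forced and X-Forwarded-Proto is absent.
cat > "$EXAMPLE_DIR/bad.conf" <<'EOF'
server {
    server_name example.test;
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.test/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.test/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot

    location / {
        proxy_pass http://localhost:8080;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
    }
}
EOF

for conf in good.conf bad.conf; do
    if check_tls_proxy_config "$EXAMPLE_DIR/$conf"; then
        echo "$conf: complete"
    else
        echo "$conf: needs attention"
    fi
done
```

Point check_tls_proxy_config at the real site file (for example /etc/nginx/sites-enabled/<your domain>) after certbot has run; a non-zero exit with the printed "missing:" lines tells you which of the managed or proxy directives did not make it into the config, and `nginx -t` remains the final word on whether Nginx accepts the file.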
The following situation might occur while generating the SSL certificate for Nginx:
Performing the following challenges:
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
Solution: to solve the issue, run the following command, which validates with the standalone authenticator and stops Nginx around the challenge using the hooks:
sudo certbot --authenticator standalone --installer nginx -d <your-domain> --pre-hook "service nginx stop" --post-hook "service nginx start"