Introduction:
Securing your Nginx web server with a trusted SSL/TLS certificate is crucial to protect sensitive data and ensure secure communication between your server and clients. Let’s Encrypt, a widely recognized certificate authority, offers free SSL certificates. In this article, we will walk you through the process of securing your Nginx server with Let’s Encrypt on Rocky Linux 9, enabling encrypted connections and boosting your website’s security.
Step 1: Install Certbot:
Before you can secure your Nginx server with Let’s Encrypt, you need to install Certbot, a tool for automating the certificate issuance and renewal process. Open a terminal on your Rocky Linux 9 server and run the following command:
sudo dnf install certbot python3-certbot-nginx
This command will install Certbot and its Nginx plugin.
Step 2: Configure Firewall and Open Ports:
To allow Let’s Encrypt to verify your domain ownership, you need to ensure that your firewall allows inbound connections on ports 80 (HTTP) and 443 (HTTPS). Adjust your firewall rules accordingly using a command such as:
sudo firewall-cmd --add-service=http --permanent
sudo firewall-cmd --add-service=https --permanent
sudo firewall-cmd --reload
Step 3: Obtain and Install the Let’s Encrypt Certificate:
With Certbot installed and the necessary ports open, you can now obtain and install the Let’s Encrypt SSL certificate for your Nginx server. Run the following command in the terminal:
sudo certbot --nginx
Certbot will automatically detect the Nginx configuration and guide you through the certificate issuance process. You may be prompted to enter your email address and agree to the terms of service.
Step 4: Choose Domain(s) and Select HTTPS Redirect:
Certbot will ask you to choose which domain(s) you want to secure. Select the appropriate domains by using the spacebar to mark them and then pressing Enter. Additionally, you will be prompted to choose whether to redirect all HTTP traffic to HTTPS. Choose the desired option based on your preference.
Step 5: Certificate Issuance and Nginx Configuration:
Certbot will communicate with the Let’s Encrypt servers to issue the SSL certificate. Once the certificate is obtained, Certbot will automatically update your Nginx configuration to use the certificate for the selected domains.
Step 6: Test and Verify SSL Configuration:
After the Nginx configuration is updated, it is essential to test the SSL configuration and verify that everything is functioning correctly. Run the following command to test the configuration:
sudo nginx -t
If the test is successful without any errors, proceed to the next step. Otherwise, review the error message and make the necessary adjustments to your Nginx configuration.
Step 7: Automatic Certificate Renewal:
Let’s Encrypt SSL certificates have a validity period of 90 days. To ensure continuous security, it is crucial to set up automatic certificate renewal. Certbot already sets up a cron job for automatic renewal, but you can verify it by running the following command:
sudo crontab -l
This command will display the existing cron jobs, including the Certbot renewal process.
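As an added example (not part of the original article), a small shell script that reports how many days are left on the certificate Certbot installed under /etc/letsencrypt/live/<domain>/ and flags it once it drops below the 30-day mark at which Certbot would normally have renewed it. It assumes the openssl CLI and GNU date, both present on Rocky Linux 9; example.com is a placeholder domain.

```shell
# Added example (not from the original article): check how many days are
# left on a certificate and flag it when it is inside the renewal window.
# Assumes the openssl CLI and GNU date (both present on Rocky Linux 9);
# "example.com" is a placeholder domain.

# Print the number of whole days until the certificate in $1 expires
# (negative once it has already expired).
cert_days_left() {
    local pem="$1" end_date end_epoch now_epoch
    end_date=$(openssl x509 -in "$pem" -noout -enddate) || return 2
    end_date=${end_date#notAfter=}
    end_epoch=$(date -d "$end_date" +%s) || return 2
    now_epoch=$(date +%s)
    echo $(( (end_epoch - now_epoch) / 86400 ))
}

# Return 0 when the certificate in $1 stays valid for at least $2 more
# days, 1 when it expires sooner (openssl's -checkend wants seconds).
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# Report on the certificate in $1 against a threshold of $2 days (default
# 30, the point at which certbot normally renews a 90-day Let's Encrypt
# certificate): exit 0 when safely valid, 1 when renewal is overdue,
# 2 when the file cannot be read or parsed.
check_cert() {
    local pem="$1" threshold="${2:-30}" left
    if [ ! -r "$pem" ]; then
        echo "cannot read $pem (run as root or fix the domain)" >&2
        return 2
    fi
    left=$(cert_days_left "$pem") || return 2
    if cert_valid_for_days "$pem" "$threshold"; then
        echo "$pem: $left days left, OK"
        return 0
    fi
    echo "$pem: only $left days left, run 'certbot renew --dry-run'" >&2
    return 1
}

# Check the certificate certbot installed for a domain, e.g. from a cron
# entry: check_live_cert example.com 30
check_live_cert() {
    check_cert "/etc/letsencrypt/live/${1:-example.com}/fullchain.pem" "${2:-30}"
}
```

If `crontab -l` shows no Certbot entry, also look at `systemctl list-timers 'certbot*'`, because the EPEL certbot package on Rocky Linux 9 ships a systemd timer rather than a crontab entry.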
Conclusion:
By following the step-by-step guide provided in this article, you have successfully secured your Nginx server with a Let’s Encrypt SSL certificate on Rocky Linux 9. The encrypted connection provided by the SSL certificate enhances the security of your website or web application, ensuring the privacy and integrity of user data. Remember to periodically check the certificate expiration date and confirm that the automatic renewal process is functioning correctly. With a secure Nginx server, you can establish trust with your users and provide a safe browsing experience.