Mastering Let's Encrypt for Your Web Server: A Practical Configuration Guide

Configuring Let's Encrypt for your web server is now standard practice for any site owner. This guide outlines the core configuration needed to obtain a publicly trusted certificate with Certbot, wire it into Apache or Nginx, and keep it renewed automatically.

Prerequisites and Initial Setup

Before beginning, verify that a public DNS A record (and an AAAA record if the host has IPv6) for your domain points to the server: Let's Encrypt validates the HTTP-01 challenge used below by connecting to port 80 on that name from the internet. You will need root access and a web server that Certbot can configure, such as Apache or Nginx (Caddy obtains its own certificates from Let's Encrypt and does not need Certbot). Install the client from your distribution's package manager: on Debian/Ubuntu, `sudo apt install certbot` (plus `python3-certbot-nginx` or `python3-certbot-apache` for the plugins used below); on RHEL-family systems with EPEL enabled, `sudo dnf install certbot` (or `yum` on older releases).

Obtaining the Certificate

The most common method is a web server plugin: `--apache` for Apache or `--nginx` for Nginx. The plugin obtains the certificate and edits your virtual host for you. For example, `sudo certbot --apache -d example.com -d www.example.com` starts the HTTP-01 verification and installs the result. If you prefer a method that does not touch your server configuration, use the webroot plugin: `sudo certbot certonly --webroot -w /var/www/html -d example.com`. Certbot writes a challenge token under `/var/www/html/.well-known/acme-challenge/` and Let's Encrypt fetches it over plain HTTP on port 80, so that path must be served by your existing site. The standalone plugin (`--standalone`) binds port 80 itself and is only an option when no web server is already listening there.

Web Server Configuration Adjustments

After the certificate is issued, point your virtual host at the files Certbot maintains under `/etc/letsencrypt/live/example.com/`. These are symlinks that Certbot repoints on every renewal, so reference them rather than the dated files in `/etc/letsencrypt/archive/`. For Nginx, the directives are:

  • ssl_certificate: `/etc/letsencrypt/live/example.com/fullchain.pem`
  • ssl_certificate_key: `/etc/letsencrypt/live/example.com/privkey.pem`

The Apache equivalents are `SSLCertificateFile` and `SSLCertificateKeyFile` with the same two paths; `fullchain.pem` includes the intermediate certificate, which clients need to build a trust path.

Redirect HTTP to HTTPS with a permanent (301) redirect. In Nginx, a port-80 server block containing `return 301 https://$host$request_uri;` does it; in Apache, use `RewriteEngine On` with a `RewriteRule` to the https:// URL, or `Redirect permanent`. Keep `/.well-known/acme-challenge/` reachable after the redirect is in place: Let's Encrypt follows redirects during validation, but serving that path directly on port 80 keeps renewal independent of your TLS configuration.

Automated Renewal and Verification

Let's Encrypt certificates expire after 90 days. The distribution package installs a systemd timer or cron job that runs `certbot renew` twice a day; it renews only certificates with fewer than 30 days left. Verify the setup with `sudo certbot renew --dry-run`, which performs a full renewal against the staging environment without replacing your live certificate. Note that renewal replaces the files on disk but does not by itself reload your web server: the Apache and Nginx plugins handle the reload, but with the webroot method pass `--deploy-hook "systemctl reload nginx"` (Certbot saves it in the renewal configuration), otherwise the old certificate keeps being served until the next reload. If renewal fails, check that the domain still resolves to this server, that port 80 is reachable from the internet, and the details in `/var/log/letsencrypt/letsencrypt.log`.
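The dry run only proves that Certbot can renew; it does not prove that the certificate your server actually presents has rotated. The following script is an added example, not part of the original article or of Certbot, that checks the expiry of the on-disk certificate and of the certificate served on the wire, and alerts when fewer days remain than the Certbot renewal window allows (Certbot renews under 30 days, so anything under the 20-day default means the timer or the reload is not working). It assumes `openssl` and GNU `date` are installed and that the file path follows Certbot's default layout.

```shell
#!/bin/sh
# Added example (not from the original article or from Certbot): verify that
# a Let's Encrypt certificate is really being renewed and deployed.
# Assumptions: openssl and GNU date are available; Certbot's default paths.
set -eu

# Print the notAfter date of a PEM certificate file,
# e.g. "Jun 30 12:00:00 2030 GMT" (OpenSSL's own formatting).
cert_not_after() {
    openssl x509 -in "$1" -noout -enddate | cut -d= -f2
}

# The certificate presented on the wire, not the one on disk. Nginx only
# picks up a renewed file after a reload, so the two can differ for weeks
# when certbot runs without a --deploy-hook.
served_not_after() {
    host="$1"
    openssl s_client -servername "$host" -connect "$host:443" </dev/null 2>/dev/null \
        | openssl x509 -noout -enddate | cut -d= -f2
}

# Whole days from epoch second NOW until the OpenSSL-formatted date NOT_AFTER.
# A negative result means the certificate has already expired.
days_between() {
    not_after="$1"
    now="$2"
    end=$(date -u -d "$not_after" +%s)
    echo $(( (end - now) / 86400 ))
}

# Exit 0 when DATE is at least MIN_DAYS away, 1 otherwise. Certbot renews at
# 30 days, so a certificate with fewer than 20 days left (the default) means
# renewal or deployment has silently stopped working.
check_not_after() {
    label="$1"
    not_after="$2"
    min_days="${3:-20}"
    left=$(days_between "$not_after" "$(date -u +%s)")
    if [ "$left" -lt "$min_days" ]; then
        echo "WARNING: $label expires in $left days ($not_after)" >&2
        return 1
    fi
    echo "OK: $label expires in $left days ($not_after)"
}

# Check both the file Certbot writes and what the server actually serves.
# Usage: sh check-cert.sh example.com [min_days]
check_domain() {
    domain="$1"
    min_days="${2:-20}"
    status=0
    check_not_after "disk:$domain" \
        "$(cert_not_after "/etc/letsencrypt/live/$domain/fullchain.pem")" "$min_days" || status=1
    check_not_after "served:$domain" \
        "$(served_not_after "$domain")" "$min_days" || status=1
    return "$status"
}

if [ "$#" -gt 0 ]; then
    check_domain "$@"
fi
```

Run it from cron (or as a monitoring check) a few hours after the Certbot timer; a warning on `disk:` means renewal itself is failing, a warning on `served:` alone means the renewal succeeded but the web server was never reloaded.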

Security Hardening (Optional but Recommended)

To improve security, add HSTS with `add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;` in the HTTPS server block (for Apache, `Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"` with mod_headers). Enable it only once the redirect works and every subdomain you serve has a valid certificate: browsers will refuse plain HTTP to those hosts for the whole max-age period, and `includeSubDomains` extends that to subdomains you may not have thought of. Disable TLS 1.0 and 1.1 with `ssl_protocols TLSv1.2 TLSv1.3;` (Apache: `SSLProtocol -all +TLSv1.2 +TLSv1.3`). Together these settings protect your users from protocol downgrade and man-in-the-middle attacks.
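Putting the issuance, virtual host and hardening steps above together, the following script is an added example, not code from the original article or from Certbot or Nginx. It requests the certificate with the webroot method and generates a complete Nginx virtual host: a port-80 block that answers ACME challenges from the webroot and redirects everything else with a 301, and a port-443 block with the Certbot paths, TLS 1.2+ only and HSTS. It assumes Certbot and Nginx are installed, that Nginx already serves the webroot on port 80 so the first HTTP-01 challenge can be answered, that the Debian/Ubuntu `sites-available`/`sites-enabled` layout is in use, and that `admin@<domain>` is an acceptable contact address; all of these are the example's choices.

```shell
#!/bin/sh
# Added example (not from the original article, Certbot or Nginx): obtain a
# Let's Encrypt certificate via webroot and install a hardened Nginx vhost.
# Assumptions: certbot and nginx installed, DNS for $DOMAIN points here,
# Nginx already serves $WEBROOT on port 80, Debian-style sites-enabled layout.
set -eu

# Emit a complete Nginx vhost for DOMAIN and www.DOMAIN.
nginx_vhost() {
    domain="$1"
    webroot="$2"
    cat <<EOF
server {
    listen 80;
    listen [::]:80;
    server_name ${domain} www.${domain};

    # Answer ACME challenges on plain HTTP so renewal does not depend on
    # the TLS configuration below; everything else goes to HTTPS.
    location ^~ /.well-known/acme-challenge/ {
        root ${webroot};
        default_type "text/plain";
    }

    location / {
        return 301 https://\$host\$request_uri;
    }
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name ${domain} www.${domain};
    root ${webroot};

    # Symlinks maintained by certbot; they move on every renewal.
    ssl_certificate     /etc/letsencrypt/live/${domain}/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/${domain}/privkey.pem;

    # Weak setting would be: ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers off;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;

    # One year HSTS; only enable once every subdomain serves valid TLS.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
}
EOF
}

# Request the certificate without touching the running server, install the
# generated vhost, and register a deploy hook so renewals reload Nginx.
deploy() {
    domain="$1"
    webroot="$2"
    certbot certonly --webroot -w "$webroot" \
        -d "$domain" -d "www.$domain" \
        --non-interactive --agree-tos -m "admin@$domain" \
        --deploy-hook "systemctl reload nginx"
    nginx_vhost "$domain" "$webroot" > "/etc/nginx/sites-available/$domain.conf"
    ln -sf "/etc/nginx/sites-available/$domain.conf" \
           "/etc/nginx/sites-enabled/$domain.conf"
    nginx -t && systemctl reload nginx
}

# Usage (as root): sh letsencrypt-nginx.sh deploy example.com /var/www/html
if [ "${1:-}" = "deploy" ]; then
    deploy "$2" "$3"
fi
```

The `--deploy-hook` is saved in `/etc/letsencrypt/renewal/<domain>.conf`, so the twice-daily `certbot renew` run reloads Nginx after a successful renewal without any extra cron entry. `nginx -t` validates the generated file before the reload so a typo cannot take the site down.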

With these steps in place, your site serves a free, publicly trusted Let's Encrypt certificate, traffic between browsers and the server is encrypted, and renewal runs without manual intervention.
