I decided to use the Let’s Encrypt offer and configure the free certificate for my website. From today you are browsing my website in a safe way.
HTTPS keeps stuff secret by encrypting it as it moves between your browser and the website’s server. This ensures that anyone listening in on the conversation can’t read anything. This could include your ISP, a hacker, snooping governments, or anyone else who manages to position themselves between you and the web server.
I encourage everyone to implement this solution on their websites. In addition, using HTTPS has a good effect on website positioning. Google is more likely to promote websites that encrypt traffic than those without encryption.
Below I will present the steps I took to configure my web server (Nginx) on Debian to use HTTPS.
Edit the sources list
sudo nano /etc/apt/sources.list
Add backports (in my case it is Debian 8)
deb http://ftp.debian.org/debian jessie-backports main
Update packages list
sudo apt-get update
Install Certbot for Nginx
sudo apt-get install python-certbot-nginx -t jessie-backports
I am using UFW. These are the commands to allow traffic on specific ports.
sudo ufw allow 443/tcp
For IP Tables:
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
In the Nginx configuration you need to check that server_name is set.
sudo nano /etc/nginx/sites-available/default
Add domain name to server block
server_name example.com www.example.com;
Check Nginx config
sudo nginx -t
If everything is ok, restart Nginx.
sudo service nginx restart
sudo systemctl restart nginx
If this is your first time running certbot, you will be prompted to enter an email address and agree to the terms of service.
sudo certbot --authenticator standalone --installer nginx -d example.com -d www.example.com --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx"
Provide your email and accept terms. Your cert will be generated.
If successful, you will be able to choose between enabling both http and https access or forcing all requests to redirect to https.
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
I suggest choosing option 2. Certbot will automatically add additional lines to your website config. Once complete, you will get a message:
As Let’s Encrypt certs expire after 90 days, they need to be checked for renewal periodically. Certbot will automatically run twice a day and renew any certificate that is within thirty days of expiration.
To test that this renewal process is working correctly, you can run:
sudo certbot renew --dry-run
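A dry run only shows that renewal works today. As an added example (not part of the original post), this script reads a certificate's expiry date and reports when fewer than 21 days remain, which would mean the automatic renewal has been failing for over a week. The 21-day threshold, the function names and the certificate path argument are assumptions; it needs openssl and GNU date.

```shell
#!/bin/sh
# Added example: alert when a certificate is closer to expiry than the
# 30-day renewal window should ever allow. Names and threshold are assumptions.

# classify_expiry NOT_AFTER_EPOCH NOW_EPOCH [WARN_DAYS]
# Prints a status line; returns 0 = ok, 1 = renewal overdue, 2 = expired.
classify_expiry() {
    ce_secs=$(( $1 - $2 ))
    ce_warn=${3:-21}
    if [ "$ce_secs" -le 0 ]; then
        echo "EXPIRED"
        return 2
    fi
    ce_days=$(( ce_secs / 86400 ))
    if [ "$ce_days" -lt "$ce_warn" ]; then
        echo "RENEWAL_OVERDUE $ce_days"
        return 1
    fi
    echo "OK $ce_days"
}

# cert_not_after_epoch PEM_FILE
# Reads "notAfter=..." from the certificate and converts it to epoch seconds.
cert_not_after_epoch() {
    cn_end=$(openssl x509 -in "$1" -noout -enddate) || return 3
    date -u -d "${cn_end#notAfter=}" +%s
}

# check_cert PEM_FILE [WARN_DAYS]
# Returns 3 if the file cannot be read or parsed as a certificate.
check_cert() {
    cc_epoch=$(cert_not_after_epoch "$1") || { echo "UNREADABLE $1"; return 3; }
    classify_expiry "$cc_epoch" "$(date -u +%s)" "${2:-21}"
}

# Run from cron with a placeholder path: sh check-cert.sh /path/to/certificate.pem
[ "$#" -eq 0 ] || check_cert "$@"
```

A non-zero exit status lets cron or a monitoring agent raise the alert.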
Don’t forget to back up your keys. They are located here: