Issue Let's Encrypt certificates for multiple websites Nginx

-

In this tutorial, you'll learn how to issue Let's Encrypt certificates for multiple websites using Nginx. Let's Encrypt is a free and open-source certificate authority that provides SSL/TLS certificates to encrypt your website's traffic. 

This guide covers the steps to install Certbot, configure Nginx for SSL, and automate the certificate renewal process. By following these instructions, you can ensure that all your websites are secure and up-to-date with the latest certificates.

Prerequisites

  • Ubuntu instance with a LEMP stack installed.
  • Two valid domain name. My example, devopsroles.com and huuphan.com
  • You have access shell login VPS.
  • You neeed install package certbot python3-certbot-nginx on your system.

Let's Encrypt Certificates and Nginx

Configure Certbot Let's Encrypt certificates for the first website

Let's Encrypt free SSL for website. you run command the following

certbot --nginx -d huuphan.com
you see the following output:

root@localhost:~# certbot --nginx -d huuphan.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Cert not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/huuphan.com.conf)

What would you like to do?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Attempt to reinstall this existing certificate
2: Renew & replace the certificate (may be subject to CA rate limits)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Renewing an existing certificate for huuphan.com
Deploying Certificate to VirtualHost /etc/nginx/conf.d/huuphan.com.conf
Redirecting all traffic on port 80 to ssl in /etc/nginx/conf.d/huuphan.com.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Your existing certificate has been successfully renewed, and the new certificate
has been installed.

The new certificate covers the following domains: https://huuphan.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/huuphan.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/huuphan.com/privkey.pem
   Your certificate will expire on 2021-11-16. To obtain a new or
   tweaked version of this certificate in the future, simply run
   certbot again with the "certonly" option. To non-interactively
   renew *all* of your certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Repeat the same process for other website devopsroles.com

You proceed to repeat the process for all your other websites. you can test your SSL certificates by visiting the URL https://www.ssllabs.com/ssltest/analyze.html

Automate Let's Encrypt Certificate Renewal

setup cron job

crontab -e
Add the following line:

10 11 * * *   root /usr/bin/certbot renew >/dev/null 2>&1
You can renew the certificates manually
certbot renew
Test certificate are being renewed correctly
certbot renew --dry-run

Conclusion

Using Let's Encrypt with Nginx to issue SSL certificates for multiple websites is a straightforward process that enhances your web security. By following the guide, you can configure Certbot to automate the issuance and renewal of certificates for all your domains, ensuring your websites remain secure without manual intervention. Automating the renewal process with cron jobs further simplifies maintenance, providing continuous protection for your online presence. thank you for reading the huuphan.com page!

Comments

Post a Comment

Popular posts from this blog

zimbra some services are not running [Solve problem]

-
How to solved zimbra some services are not running. That after, to installed zimbra mail server. The display a some admin console status red in environment multiple server ( zimbra ldap, zimbra mailbox, zimbra mta etc.). Link to below you maybe likes: How to install and configure zimbra multi server.   How to restrict to user sending mail on zimbra 8.6. How to Restrict Sending to Distribution list in zimbra mail. How to change last login time for all accounts in zimbra ldap. How to zimbra reject authenticated sender login mismatch. Error zimbra some services are not running as bellow Step by step guide the solve problem zimbra some services are not running the following: To restart and enable cron service the permanently. service crond restart chkconfig crond on Opening rsyslog.conf file and uncomment the following. vim /etc/rsyslog.conf Uncomment these two lines $modload imupd $UDPServerRun514   To restart and enable rsyslog service the permanently. servic
Read more

How to install php7 on centos 6: A Step-by-Step Guide

-
Introduction Learn how to install PHP7 on CentOS 6 using the Remi repository with our detailed step-by-step guide. Includes instructions for setting up PHP7 for Nginx with PHP-FPM and PHP-MySQL. PHP7 brings significant improvements in performance and new features compared to its predecessors. If you're running CentOS 6 and looking to upgrade to PHP7, this guide will help you through the installation process using the Remi repository. We will cover the basic steps and provide additional instructions for setting up PHP7 for Nginx. Prerequisites Before you begin, ensure you have the following: A CentOS 6 server Root access or a user with sudo privileges Step 1: Update the System Start by updating your system to ensure all existing packages are up to date. Copy code yum update -y Step 2: Install Required Packages Install wget and yum-utils to facilitate the installation of the Remi repository. Copy code yum install wget yum-utils -y Step 3: Add the Remi Repository Download and insta
Read more

Bash script list all IP addresses connected to Server with Country Information

-
Introduction Learn how to create a Bash script to list all IP addresses connected to your server. This comprehensive guide covers everything from basic to advanced examples, helping you master server monitoring with Bash scripting. This script is designed to list all IP addresses connected to your server, retrieve geographical information for each IP using ipinfo.io , and display the results in a clean format. This guide will walk you through the script, explaining each part in detail, and ensuring you understand how to implement and use it effectively. What is Bash? Bash (Bourne Again Shell) is a Unix shell and command language written by Brian Fox for the GNU Project as a free software replacement for the Bourne shell. It has since become the default login shell for most Linux distributions. Bash can execute commands, read and execute commands from a file, and provide constructs for condition testing, looping, and functions. Prerequisites A Linux-based server with administrative pri
Read more