This post is part of a series. This list contains all of the posts:
Let's Encrypt is a free provider of legitimate SSL certificates trusted by all browsers. My employer Cisco happens to be a sponsor. It is now fantastically easy and free to set your website up with HTTPS so there is no excuse not to.
Before you can get Let's Encrypt to create your certificate, your DNS needs to be pointing to your IP via an A record.
I've liberally reproduced from the following sources of information for this post:
* https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-centos-7
Install the Let's Encrypt software via the following:
sudo yum install epel-release
sudo yum install certbot
Inside of the Nginx default.d directory, add the following file:
sudo vi /etc/nginx/default.d/le-well-known.conf
Add the following contents:
location ~ /.well-known {
    allow all;
}
Restart nginx
sudo systemctl restart nginx
Now use the Let's Encrypt utility:
sudo certbot certonly -a webroot \
--webroot-path=/usr/share/nginx/html \
-d matthewmoisen.com -d www.matthewmoisen.com
The bot will ask you for an email and to consent to the terms of service.
This will install a few files that you will use later:
[myuser] sudo ls /etc/letsencrypt/live/matthewmoisen.com
cert.pem chain.pem fullchain.pem privkey.pem
Generate a DH Group
sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
This will take a long time and then create a file in /etc/ssl/certs/dhparam.pem
Let's Encrypt requires that you renew the certificate every 90 days. It's simple to do this by using the Let's Encrypt utility and setting up an entry in cron.
sudo crontab -e
And add the following two entries:
30 2 * * 1 /usr/bin/certbot renew >> /var/log/le-renew.log
35 2 * * 1 /usr/bin/systemctl reload nginx
This will trigger the renewal process once a week on Monday.
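Two things can go wrong quietly with this setup: certbot renew only replaces a certificate that has fewer than 30 days left, so a failing weekly run is invisible until the site expires, and the nginx reload is a separate cron line that fires whether or not a renewal happened. The script below is an added example (not from the post or from certbot) that checks both; it assumes the domain and live path used in this post, plus openssl and GNU date as found on CentOS 7.

```shell
#!/bin/sh
# le-check.sh: health check for the renewal cron job above. Added example;
# assumes the domain and live path from this post, openssl, and GNU date.
DOMAIN="${DOMAIN:-matthewmoisen.com}"
LIVE="/etc/letsencrypt/live/$DOMAIN"

# days_until END_EPOCH NOW_EPOCH: whole days of lifetime left.
days_until() {
    printf '%s\n' $(( ($1 - $2) / 86400 ))
}

# renewal_status END_EPOCH NOW_EPOCH: prints ok | stale | expired.
# certbot renew acts below 30 days and the job runs weekly, so a healthy
# setup never drops under ~23 days; under 21 means a renewal run failed.
renewal_status() {
    if [ "$1" -lt "$2" ]; then printf 'expired\n'
    elif [ "$(days_until "$1" "$2")" -lt 21 ]; then printf 'stale\n'
    else printf 'ok\n'
    fi
}

# cert_end_epoch FILE: notAfter of a PEM certificate as Unix time.
cert_end_epoch() {
    date -d "$(openssl x509 -noout -enddate -in "$1" | cut -d= -f2)" +%s
}

# Fingerprint on disk versus the one nginx actually serves on 443. A
# mismatch means certbot renewed but nginx was never reloaded.
fingerprint_file() { openssl x509 -noout -fingerprint -sha256 -in "$1"; }
fingerprint_served() {
    printf '' | openssl s_client -servername "$1" -connect "$1:443" 2>/dev/null \
        | openssl x509 -noout -fingerprint -sha256
}
served_matches_disk() {
    [ "$(fingerprint_served "$DOMAIN")" = "$(fingerprint_file "$LIVE/cert.pem")" ]
}

# Run both checks only when invoked as le-check.sh (not when sourced).
case "$0" in *le-check.sh)
    now=$(date +%s)
    end=$(cert_end_epoch "$LIVE/cert.pem")
    printf '%s: %s (%s days left)\n' "$DOMAIN" \
        "$(renewal_status "$end" "$now")" "$(days_until "$end" "$now")"
    served_matches_disk && printf 'served certificate matches disk\n' \
        || printf 'WARNING: served certificate differs from disk, reload nginx\n'
    ;;
esac
```

Run it from the same crontab a few minutes after the reload line, or from a monitoring host, and alert on anything other than ok.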
Create a new file for the Nginx configuration:
sudo vi /etc/nginx/conf.d/ssl.conf
At this point you should head over to the Digital Ocean article and copy and paste the Nginx configuration for the ssl.conf file, since there is no need for me to do so here.
After this is ready, we want to redirect all HTTP traffic to HTTPS.
sudo vi /etc/nginx/default.d/ssl-redirect.conf
Add the following content:
return 301 https://$host$request_uri;
Restart nginx
sudo systemctl restart nginx
Verify it works, and then run a Qualys scan on it:
https://www.ssllabs.com/ssltest/analyze.html?d=matthewmoisen.com