Configuring Let's Encrypt for your hosting platform is now a standard practice for any website operator. This guide outlines the core configurations to set up a valid certificate using Certbot.
Prerequisites and Initial Setup
Before starting the configuration, verify that your machine has a public IP address and that your domain resolves to it. You will need root access and an HTTP daemon such as Nginx. The Certbot package must be installed from your OS repository. For example, run `sudo apt install certbot` on Debian or Ubuntu, or `sudo yum install certbot` on CentOS.
Obtaining the Certificate
The simplest method is to use the Certbot plugin for your web server. The `--nginx` or `--apache` plugin can directly modify your configuration file. For Nginx, run: `sudo certbot --nginx -d example.com -d www.example.com` (use `--apache` instead on Apache). This starts the verification process. If you prefer manual control, use: `sudo certbot certonly --webroot -w /var/www/html -d example.com`. This creates a validation file in your document root and leaves your server configuration untouched.
Web Server Configuration Adjustments
After receiving the certificate, you must update your server block to use the key and certificate files. For Nginx, the standard directives are:
- ssl_certificate: `/etc/letsencrypt/live/example.com/fullchain.pem`
- ssl_certificate_key: `/etc/letsencrypt/live/example.com/privkey.pem`
Ensure you redirect HTTP requests to HTTPS. A 301 redirect is recommended. For Nginx, insert `return 301 https://$host$request_uri;` in the port 80 server block; on Apache, use `RewriteEngine On` with a `RewriteRule`.
Automated Renewal and Verification
Let's Encrypt certificates expire after 90 days. The client sets up a cron job to renew them automatically. To verify the renewal process, run: `sudo certbot renew --dry-run`. Review your Certbot logs for warnings. If the renewal fails, check for port 80 issues.
Security Hardening (Optional but Recommended)
To boost security, consider HTTP Strict Transport Security (HSTS) by adding `add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;` in your HTTPS server block. Because `includeSubDomains` applies the policy to every subdomain, each of them must also serve HTTPS. Also, turn off TLS 1.0 and enable only secure protocol versions. A solid configuration protects your clients from known protocol vulnerabilities.
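The settings from the sections above can be checked mechanically. The following Python script is an added example, not part of the original guide or of Certbot: it parses an Nginx configuration and reports server blocks that lack the 301 redirect, the Let's Encrypt certificate paths, an `ssl_protocols` list without TLS 1.0, or the HSTS header. The sample configuration, function names and finding names are constructed for illustration.

```python
import re
# Constructed sample (not from the guide): TLS 1.0 still listed, no HSTS header.
SAMPLE_CONF = """
server { listen 80; server_name example.com; return 301 https://$host$request_uri; }
server {
    listen 443 ssl; server_name example.com;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    ssl_protocols TLSv1 TLSv1.2 TLSv1.3;
    location / { root /var/www/html; }
}
"""

def server_blocks(conf):  # each server block's top-level directives, as token lists
    tokens = re.findall(r'"[^"]*"|[{};]|[^\s{};"]+', re.sub(r"#.*", "", conf))
    blocks, stack, cur = [], [], []
    for tok in tokens:
        if tok not in ("{", "}", ";"):
            cur.append(tok)
            continue
        if tok == "{":
            stack.append(cur[0] if cur else "")
            if stack[-1] == "server":
                blocks.append([])
        elif tok == "}" and stack:
            stack.pop()
        elif tok == ";" and cur and stack[-1:] == ["server"]:
            blocks[-1].append(cur)
        cur = []
    return blocks

def audit(conf):
    """Return (server_name, finding) pairs for the settings the guide recommends."""
    out = []
    for block in server_blocks(conf):
        vals = lambda name: [t for d in block if d[0] == name for t in d[1:]]
        host = " ".join(vals("server_name")) or "?"
        if "ssl" not in vals("listen"):  # plain-HTTP block: must 301 to HTTPS
            if not re.match(r"301 https://", " ".join(vals("return"))):
                out.append((host, "no-https-redirect"))
            continue
        for n, f in (("ssl_certificate", "/fullchain.pem"), ("ssl_certificate_key", "/privkey.pem")):
            if not any(v.endswith(f) for v in vals(n)):
                out.append((host, n + "-path"))
        if not vals("ssl_protocols") or "TLSv1" in vals("ssl_protocols"):
            out.append((host, "tls1.0-not-ruled-out"))  # unset: build default applies
        hsts = [d for d in block if d[:2] == ["add_header", "Strict-Transport-Security"]]
        if not any("max-age=" in d[2] and d[-1] == "always" for d in hsts if len(d) > 3):
            out.append((host, "hsts-missing"))
    return out
```

Calling `audit(SAMPLE_CONF)` reports the two gaps in the sample; it only inspects directives written directly inside each `server` block, so settings inherited from the `http` level or pulled in with `include` are not seen.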
By adhering to these steps, your web server will be secured with an automated Let's Encrypt certificate, guaranteeing trust for every session.