Configuring a free TLS certificate from Let's Encrypt for your web server is now a critical task for any site owner. This guide outlines the key steps for installing a trusted certificate using the Certbot ACME client.
Prerequisites and Initial Setup
Before starting the website configuration, verify that a DNS record for your domain points to your VPS. You will need administrator rights and a web server such as Nginx. Install the Let's Encrypt client package, Certbot, through your distribution's package manager. For example, on Ubuntu run `sudo apt install certbot`; on RHEL-based distributions run `sudo yum install certbot`.
Obtaining the Certificate
The simplest method is to let Certbot's web server plugin do the work: the `--apache` or `--nginx` plugin can directly modify your configuration file. For Apache, run `sudo certbot --apache -d example.com -d www.example.com`; for Nginx, use `--nginx` in place of `--apache`. This starts the domain validation. If you prefer the webroot approach, use: `sudo certbot certonly --webroot -w /var/www/html -d example.com`. This places a validation file in your document root and, because of `certonly`, obtains the certificate without changing the server configuration.
Web Server Configuration Adjustments
After receiving the certificate, you must modify your server block to use the certificate and key file locations. For Nginx, the standard directives are:
- ssl_certificate: `/etc/letsencrypt/live/example.com/fullchain.pem`
- ssl_certificate_key: `/etc/letsencrypt/live/example.com/privkey.pem`
Ensure you redirect all HTTP traffic to HTTPS. A 301 redirect is standard. For Nginx, insert `return 301 https://$host$request_uri;` in the port 80 server block; for Apache, use `RewriteEngine On` with a `RewriteRule`.
Automated Renewal and Verification
Let's Encrypt certificates are valid for 90 days. Certbot installs a systemd timer to renew them without manual intervention. To simulate the renewal process, run: `sudo certbot renew --dry-run`. Review your server logs for warnings. If the renewal fails, check for DNS issues.
Security Hardening (Optional but Recommended)
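To enhance security, enable HSTS (HTTP Strict Transport Security) headers by adding `add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;` in your HTTPS server or location block. Because `includeSubDomains` applies the policy to every subdomain, make sure each of them serves HTTPS before you enable it. Also, disable TLS 1.0 and allow only secure protocol versions. A robust configuration protects your users from protocol downgrade attacks and from known weaknesses in older TLS versions.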
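The check below is an added example, not part of the original guide or of Certbot: a small Python audit of the Nginx settings covered in the two sections above (certificate paths, HTTP redirect, protocol versions, HSTS). The function names and the sample configuration are constructed for illustration, and the sample deliberately contains two mistakes.

```python
import re

# Constructed sample: two mistakes left in (TLSv1 enabled, HSTS without "always").
SAMPLE = """
server {
    listen 80;
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl;
    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    ssl_protocols TLSv1 TLSv1.2 TLSv1.3;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
}
"""

def server_blocks(conf):
    """Yield the body of each server { ... } block, found by brace matching."""
    conf = re.sub(r"#.*", "", conf)  # drop comments so "# server {" is ignored
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def directive(body, name):  # arguments of the first "name ...;" directive, or ""
    m = re.search(rf"^\s*{name}\s+([^;\n]+);", body, re.M)
    return m.group(1).strip() if m else ""

def audit(conf):
    """Return a list of findings for the settings this guide configures."""
    out = []
    for n, body in enumerate(server_blocks(conf), 1):
        if "ssl" not in directive(body, "listen").split():
            if not re.search(r"return\s+301\s+https://", body):
                out.append(f"server {n}: no 301 redirect to HTTPS")
            continue
        cert, key = directive(body, "ssl_certificate"), directive(body, "ssl_certificate_key")
        if not cert.endswith("/fullchain.pem") or key != cert.rsplit("/", 1)[0] + "/privkey.pem":
            out.append(f"server {n}: cert/key are not one fullchain.pem/privkey.pem pair")
        old = {"SSLv3", "TLSv1", "TLSv1.1"} & set(directive(body, "ssl_protocols").split())
        if old:
            out.append(f"server {n}: legacy protocols enabled: {' '.join(sorted(old))}")
        hsts = re.search(r'Strict-Transport-Security\s+"[^"]*"\s*(always)?\s*;', body)
        if not hsts or not hsts.group(1):
            out.append(f"server {n}: HSTS header missing or not sent with 'always'")
    return out
```

Calling `audit(SAMPLE)` returns two findings, both for the second server block. To check a live configuration, pass it the text printed by `nginx -T`.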
By implementing these instructions, your site will be encrypted with an automatically renewed Let's Encrypt certificate, protecting the integrity of every request.