Using SSL encryption on your websites or blogs to protect users’ privacy is not a bad idea. In fact, Google recommends it.
Google announced a few months back that if you migrate your websites and blogs to HTTPS, you may get a small bump on its search engine result pages.
Adding SSL encryption also costs money, depending on the certificate you want to install. Those who are not making enough money from their websites or blogs but still want to add SSL certificates can use LetsEncrypt.
LetsEncrypt is a free, open certificate authority (CA) that provides free certificates for websites and other services.
For more about who is behind this, check their page here.
This brief tutorial is going to show you how to easily get LetsEncrypt’s certificates working on Ubuntu for your Nginx webservers.
The first thing to do is to clone the git project to your server. This means downloading the required packages from git to your server.
If you don’t already have git installed, you must install it first. To do that, run the commands below.
sudo apt-get install git
Next, clone the LetsEncrypt git project to your server.
git clone https://github.com/letsencrypt/letsencrypt
Then change into the project folder.
cd letsencrypt
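When you’re there, run the commands below to generate an SSL certificate for your website or blogs. The standalone authenticator (-a standalone) starts its own temporary web server to prove control of the domain, so stop Nginx first if it is already listening on port 80 or 443.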
./letsencrypt-auto certonly -a standalone -d example.com -d www.example.com
LetsEncrypt puts its keys and certificates in this directory: /etc/letsencrypt
The final thing to do after generating the certificates is to configure the Nginx webserver to use the cert.
More on installing certificates on an Ubuntu server for Nginx can be found in this blog post.
An example configuration for the Nginx webserver is as follows:
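# These directives go inside the server { } block for example.com.
# On nginx 1.9.5 and later, the spdy parameter is replaced by http2.
listen 443 ssl spdy;
listen [::]:443 ssl spdy;
# Redundant with the ssl parameter on the listen lines; newer nginx releases deprecate this directive.
ssl on;
# Certificate chain and private key issued by LetsEncrypt.
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
# Issuer chain used to verify stapled OCSP responses.
ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;
# TLS session cache shared between worker processes.
ssl_session_cache shared:SSL:10m;
# Protocol versions offered to clients; SSLv3 and TLSv1 are not enabled.
ssl_protocols TLSv1.1 TLSv1.2;
# Cipher suites in order of preference; the ! entries exclude weak algorithms.
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
# Use the server's cipher order rather than the client's.
ssl_prefer_server_ciphers on;
# HSTS: browsers use HTTPS only for this host for max-age seconds (about six months).
add_header Strict-Transport-Security max-age=15768000;
# OCSP stapling; the resolver is used to look up the OCSP responder's hostname.
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=86400;
resolver_timeout 10;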
Save your configuration and restart the Nginx webserver.
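A check worth running before that restart, as an added example that is not part of the original tutorial: it confirms that privkey.pem belongs to the certificate in fullchain.pem, that the certificate is not about to expire, and that it covers each name passed with -d. The function name check_le_cert and the 30-day threshold in the usage comment are assumptions, and the openssl command-line tool must be installed.

```shell
#!/bin/sh
# Added example, not from the original tutorial. check_le_cert is a
# hypothetical helper name; it needs the openssl command-line tool.
#
# check_le_cert LIVE_DIR MIN_DAYS HOST...
# Returns 0 only if, for the files in LIVE_DIR:
#   - privkey.pem is the private key of the leaf cert in fullchain.pem
#   - that certificate is still valid MIN_DAYS days from now
#   - the certificate covers every HOST that was passed with -d
check_le_cert() {
    dir=$1; min_days=$2; shift 2
    cert="$dir/fullchain.pem"; key="$dir/privkey.pem"; rc=0

    for f in "$cert" "$key"; do
        [ -r "$f" ] || { echo "FAIL: cannot read $f" >&2; return 1; }
    done

    # The public key inside the certificate must equal the one derived
    # from the private key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: privkey.pem does not match fullchain.pem" >&2; rc=1
    fi

    # -checkend exits non-zero if the cert expires within N seconds.
    if ! openssl x509 -in "$cert" -noout \
            -checkend $((min_days * 86400)) >/dev/null 2>&1; then
        echo "FAIL: certificate expires within $min_days days" >&2; rc=1
    fi

    # -checkhost reports whether the certificate is valid for a hostname.
    for host in "$@"; do
        if ! openssl x509 -in "$cert" -noout -checkhost "$host" 2>&1 |
                grep -q 'does match'; then
            echo "FAIL: certificate does not cover $host" >&2; rc=1
        fi
    done
    return "$rc"
}

# Usage on the server from this tutorial (run as root):
#   check_le_cert /etc/letsencrypt/live/example.com 30 \
#       example.com www.example.com && nginx -t
```

The nginx -t in the usage comment makes Nginx parse the edited configuration without applying it, so a typo is caught before the restart.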
That’s it! If everything is set up correctly, your site should be SSL enabled for free.
Enjoy!