Configuring Let's Encrypt for your hosting platform is now a fundamental step for any website operator. This guide outlines the key procedures to set up a secure certificate using Certbot.
Prerequisites and Initial Setup
Before beginning the configuration, ensure a reachable domain points to your VPS. You will need root access and an HTTP daemon like Apache. The Let's Encrypt client package (Certbot) must be installed via your package manager, apt or yum. For example, run `sudo apt install certbot` on Debian or Ubuntu, or `sudo yum install certbot` on CentOS.
Obtaining the Certificate
The simplest method is to use the DNS plugin. For Apache or Nginx, the `--apache` or `--nginx` plugin can automatically modify your configuration file. Run: `sudo certbot --apache -d example.com -d www.example.com`. This initiates the verification process. If you prefer the webroot approach, use: `sudo certbot certonly --webroot -w /var/www/html -d example.com`. This places a challenge file in your document root.
Web Server Configuration Adjustments
After receiving the certificate, you must update your server block to use the certificate file locations. For Apache, the typical directives are:
- SSLCertificateFile: `/etc/letsencrypt/live/example.com/fullchain.pem`
- SSLCertificateKeyFile: `/etc/letsencrypt/live/example.com/privkey.pem`
Ensure you enable redirection from HTTP to HTTPS. A 301 redirect is recommended. For Nginx, insert `return 301 https://$host$request_uri;`. For Apache, use `RewriteEngine On` with a `RewriteRule`.
Automated Renewal and Verification
Let's Encrypt certificates expire after 90 days. The client configures a cron job to renew them without manual intervention. To test the renewal process, run: `sudo certbot renew --dry-run`. Review your server logs for errors. If the renewal fails, check for DNS issues.
Security Hardening (Optional but Recommended)
To improve security, enable HSTS (HTTP Strict Transport Security) headers by adding `add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;` in your location block. Also, turn off SSLv3 and enable only secure protocols. A robust configuration protects your users from MITM threats.
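The Nginx settings from the sections above combined into one configuration, as an added example that is not part of the original guide. It assumes the `example.com` names, the `/var/www/html` webroot and the certificate paths shown earlier; the Nginx `ssl_certificate` directives and the `TLSv1.2 TLSv1.3` protocol list are choices made for this example.

```nginx
# Constructed example configuration (not from the original guide).

# Port 80: keep the ACME challenge path reachable, redirect everything else.
server {
    listen 80;
    listen [::]:80;
    server_name example.com www.example.com;

    # Webroot renewals write challenge files here; redirecting this path
    # to HTTPS before a valid certificate exists can break validation.
    location /.well-known/acme-challenge/ {
        root /var/www/html;
    }

    location / {
        return 301 https://$host$request_uri;
    }
}

# Port 443: serve the site with the Let's Encrypt certificate.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name example.com www.example.com;

    # Nginx equivalents of SSLCertificateFile / SSLCertificateKeyFile.
    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    # SSLv3 is disabled by not being listed. TLS 1.0 and 1.1 are also
    # left out here (assumption: all clients support TLS 1.2 or newer).
    ssl_protocols TLSv1.2 TLSv1.3;

    # Set at server level in this example. A location block that declares
    # its own add_header stops inheriting this one, so repeat it there.
    # includeSubDomains applies to every subdomain: confirm they all
    # serve HTTPS before enabling it.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

    root /var/www/html;
}
```

Validate the file with `sudo nginx -t` before reloading Nginx, then rerun `sudo certbot renew --dry-run` to confirm the challenge path still works.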
By implementing these instructions, your site will be encrypted with a free Let's Encrypt certificate, guaranteeing privacy for every connection.