🔒Setup SSL Certificate

SSL Certificate setup in linux server

We are going to use dehydrated opensource tools for signing certificates.

STEP 1: Log in as a root to the server.

ssh root@ip_address

STEP 2: Clone dehydrated Github repo inside `/opt/`

cd /opt/ && git clone https://github.com/dehydrated-io/dehydrated

STEP 3: Create `dehydrated` directory inside /etc/

cd /etc/ && mkdir dehydrated

STEP 4: Copy config file into /etc/dehydrated/ from docs/examples

cd /dehydrated/ && cp /opt/dehydrated/docs/examples/config .

STEP 5: Create .well-known/acme-challenge directory in /var/www/html

mkdir -p /var/www/html/.well-known/acme-challenge

STEP 6: Change the config file as follows

BASEDIR=/etc/dehydrated

WELLKNOWN="/var/www/html/.well-known/acme-challenge"

[email protected]

STEP 7: Create domains.txt inside /etc/dehydrated/

echo "yourdomain.com www.yourdomain.com" > domains.txt

STEP 8: Update nginx.conf file with .well-known location

server {
  listen 80;
  server_name yourdomain.com www.yourdomain.com;
  ...
  ...
  ...
  location /.well-known {
	  root	/var/www/html;
  }
}

STEP 9: Restart nginx

systemctl restart nginx

STEP 10: Run Register and Accept terms then Run dehydrated

/opt/dehydrated/dehydrated --register --accept-terms && \
/opt/dehydrated/dehydrated -c

STEP 11: Configure server in nginx.conf

server {

    listen          80;
    server_name    yourdomain.com www.yourdomain.com;

    root            /var/www/html;

    location / {
        return  301 https://ytbot.xyz$request_uri;
    }

    location /.well-known {
        root    /var/www/html;
    }

}

server {
    listen 443 ssl http2;

    ssl_certificate         /etc/dehydrated/certs/yourdomain.com/fullchain.pem;
    ssl_certificate_key     /etc/dehydrated/certs/yourdomain.com/privkey.pem;
 
    server_name 138.68.5.100 yourdomain.com www.yourdomain.com;
    ...
    ...
    ...

    location /.well-known {
	    root	/var/www/html;
    }
}

STEP 12: Restart Nginx Server again

systemctl restart nginx

STEP 13: To Renew Certificates setup a weekly cron job

#!/bin/bash

LOGFILE=/var/log/dehydrated_ssl_renew.log

echo -e "\n# $(date -u '+%F %T') $0 $@\n" >> $LOGFILE

/opt/dehydrated/dehydrated -c >> $LOGFILE 2>&1

Previous🚀Django Deployment NextMongoDB

Last updated 5 years ago

Was this helpful?

STEP 1: Log in as a root to the server.

STEP 2: Clone dehydrated Github repo inside /opt/

STEP 3: Create dehydrated directory inside /etc/

STEP 4: Copy config file into /etc/dehydrated/ from docs/examples

STEP 5: Create .well-known/acme-challenge directory in /var/www/html

STEP 6: Change the config file as follows

STEP 7: Create domains.txt inside /etc/dehydrated/

STEP 8: Update nginx.conf file with .well-known location

STEP 9: Restart nginx

STEP 10: Run Register and Accept terms then Run dehydrated

STEP 11: Configure server in nginx.conf

STEP 12: Restart Nginx Server again

STEP 13: To Renew Certificates setup a weekly cron job

STEP 2: Clone dehydrated Github repo inside `/opt/`

STEP 3: Create `dehydrated` directory inside /etc/