How to create a free SSL certificate using Let’s Encrypt in Linux

Source: https://thelinuxgurus.com/how-to-create-a-free-ssl-certificate-using-lets-encrypt-in-linux/ (The Linux GURUS, Tue, 03 Nov 2020)

Let’s Encrypt is a non-profit, free, and open certificate authority (CA) that is run by the Internet Security Research Group (ISRG). Let’s Encrypt issues TLS certificates that are valid for 90 days and can be renewed at any point during these 90 days without any charge whatsoever.

The main aim of Let’s Encrypt is to make the internet secure by making SSL certificates accessible to all with ease. In this tutorial, we will learn to create a free SSL certificate using Let’s Encrypt in Linux.

Recommended Read: Beginner’s guide to NGINX SSL CONFIGURATION

Also Read: Create a SELF-SIGNED SSL Certificate in Linux

So let’s start with the tutorial.


Install Certbot in Linux

We will be using certbot to create a free Let’s Encrypt SSL certificate in Linux. Let’s discuss how we can install certbot on various Linux distros.

Ubuntu/Pop!_OS/Debian/Linux Mint

For these distributions, we need to have the snap package manager installed, as the certbot packages are maintained in the snap repositories.

The Snap package manager is installed on all the new versions of Ubuntu. If you are still using an older version of Ubuntu, then you can install the snap package manager using the following command,

$ sudo apt-get install snapd

Once snap is installed, we can install certbot on the system. But before we do that, make sure that no other versions of certbot are installed on the system, & if there are, remove them,

$ sudo apt-get remove certbot

Now install certbot with the help of snap,

$ sudo snap install --classic certbot

CentOS/RHEL

For CentOS & RHEL, we need to have an EPEL repository on the system to install certbot. Install the EPEL repository using the following command,

# yum install epel-release

Now we can install the certbot with the following command,

# yum install certbot

Now let’s proceed ahead with the SSL creation.


Create free SSL certificate using Let’s Encrypt in Linux

Now that certbot has been installed, we can create the free SSL certificate using Let’s Encrypt in Linux with the following command,

$ sudo certbot certonly -d thelinuxgurus.com --manual --preferred-challenges dns

[Screenshot: free SSL certificate using Let’s Encrypt]

See the screenshot above, mainly the highlighted part. I know the cert was not created for my domain as I already have an SSL cert & did not want to add a TXT record in DNS. But if you need an SSL certificate, you must prove the domain ownership by adding the TXT DNS record as mentioned for you, when you run the command.

Once you have added the record, wait for some time as DNS records can take some time to propagate successfully. After that press ENTER to confirm & verify the DNS record to create a certificate successfully.
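Instead of guessing how long to wait, the record can be queried before pressing ENTER. The script below is an added example, not part of the original post; it assumes dig is installed and that the record lives at _acme-challenge.<domain>, the name used by the ACME DNS-01 challenge and shown in the certbot prompt. Function names and token values are illustrative.

```sh
#!/bin/sh
# Added example (not from the original post): check that the DNS-01 challenge
# record is visible before pressing ENTER in certbot. Assumes dig is installed.

# txt_has_value EXPECTED DIG_OUTPUT
# `dig +short TXT` prints each record as a quoted string on its own line.
# Succeeds only on an exact match, so a leftover token from an earlier run
# does not count.
txt_has_value() {
    [ -n "$1" ] || return 1
    printf '%s\n' "$2" | grep -Fqx -- "\"$1\""
}

# check_challenge DOMAIN EXPECTED [RESOLVER...]
# Asks each resolver directly; returns 0 only when all of them serve the value.
# Default resolvers are an assumption; pass your zone's authoritative name
# servers for the most direct answer.
check_challenge() {
    domain=$1 expected=$2 missing=0
    shift 2
    [ "$#" -gt 0 ] || set -- 1.1.1.1 8.8.8.8
    for resolver in "$@"; do
        answer=$(dig +short TXT "_acme-challenge.$domain" "@$resolver")
        if txt_has_value "$expected" "$answer"; then
            echo "ok      $resolver"
        else
            echo "missing $resolver"
            missing=1
        fi
    done
    return "$missing"
}

# Usage, with the value certbot printed (placeholder shown here):
#   until check_challenge example.com "<value-from-certbot>"; do sleep 30; done
```
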

Once the certificate is created, you can manually install the certificate on a web server of your choice or on WordPress using cPanel, etc.

If you need to renew the certificate, then you can run the following command,

$ sudo certbot renew

You can also dry run to simulate the certificate renewal with the following command,

$ sudo certbot renew --dry-run

This completes our tutorial on how to create a free SSL certificate using Let’s Encrypt in Linux.

Beginner’s guide to NGINX SSL CONFIGURATION

Source: https://thelinuxgurus.com/beginners-guide-to-nginx-ssl-configuration/ (The Linux GURUS, Tue, 27 Oct 2020)

Security is one of the main concerns that needs to be addressed as a priority for all applications or websites. All websites are required to have a valid SSL certificate installed in order to encrypt the data packets/traffic between users & websites. Even web browsers show a warning when we visit a website that does not have an SSL certificate installed.

In this tutorial, we will discuss how to perform Nginx SSL configuration, that is, how to configure an SSL certificate to secure our websites hosted on Nginx. Before we start the process, let’s discuss the prerequisites.

Pre-requisites

Now let’s move on to the Nginx SSL configuration part. We will first create a self-signed certificate & then configure the Nginx web server to use that certificate.

Recommended Read: Create a SELF-SIGNED SSL Certificate in Linux

Also Read: How to Host Multiple Websites with Nginx in Linux


Create a self signed certificate

Create a certificate with the following command,

$ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /home/shusain/test.key -out /home/shusain/test.crt

Here, openssl is the command-line tool used for creating & managing SSL keys and certificates,

req -x509 creates a self-signed X.509 certificate (the public key infrastructure format used for SSL) instead of a certificate signing request,

-nodes means the private key is not protected with a passphrase,

-days 365 is the validity of the certificate in days,

-newkey rsa:2048 means a new 2048-bit RSA key is generated for the certificate,

-keyout provides the location for the private key,

-out provides the location for our SSL certificate.

So now, we have our private key (/home/shusain/test.key) & a self-signed certificate (/home/shusain/test.crt). We need both of these to configure SSL certificates in Nginx.

So let’s move them to a new folder for ease of administration,

# mkdir /etc/nginx/ssl

# mv /home/shusain/test.key /etc/nginx/ssl/

# mv /home/shusain/test.crt /etc/nginx/ssl/
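Before reloading Nginx it is worth confirming that the certificate and key belong together and that the key, which -nodes left unencrypted, is not readable by other users. The script below is an added example, not part of the original post; it assumes openssl and GNU stat are available, and the function names are illustrative.

```sh
#!/bin/sh
# Added example (not from the original post): checks to run on the key and
# certificate before nginx is pointed at them. Assumes openssl and GNU stat.

# pair_matches CERT KEY: succeeds only if the certificate was issued for this
# private key, by comparing the public key extracted from each file.
pair_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# key_is_private KEY: succeeds if group and others have no access (600 or 400).
# The key was written with -nodes, so file permissions are its only protection.
key_is_private() {
    case $(stat -c %a "$1") in
        ?00) return 0 ;;
        *)   return 1 ;;
    esac
}

# expires_within CERT DAYS: succeeds if the certificate expires within DAYS days.
expires_within() {
    ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# check_pair CERT KEY: prints every problem found; returns 1 if there was any.
check_pair() {
    rc=0
    pair_matches "$1" "$2" || { echo "key does not match certificate"; rc=1; }
    key_is_private "$2" || { echo "key is readable by group/others: chmod 600 $2"; rc=1; }
    if expires_within "$1" 30; then echo "certificate expires within 30 days"; rc=1; fi
    return "$rc"
}

# Usage: check_pair /etc/nginx/ssl/test.crt /etc/nginx/ssl/test.key
```

The same expiry check applies to the 90-day Let’s Encrypt certificates, where a 30-day threshold gives time to notice a failed renewal.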

Now let’s move on to next step i.e. Nginx SSL configuration.


Nginx SSL configuration

Now that we have the required private key and certificate with us, we configure the SSL certificate in Nginx. We can use ‘/etc/nginx/nginx.conf’ to configure SSL in Nginx, but it is advisable to create a separate file for SSL,

# vi /etc/nginx/conf.d/ssl.conf

& enter the following lines to the file,

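server {
    listen 443 ssl;
    server_name example.com;
    ssl_certificate /etc/nginx/ssl/test.crt;
    ssl_certificate_key /etc/nginx/ssl/test.key;
    # This file must exist before nginx is reloaded; it can be generated with:
    #   openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    root /var/www/html;
    index index.html index.htm index.nginx-debian.html;
}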

All we have to do is to reload the nginx configuration to complete the Nginx SSL configuration & install ssl certificate in Nginx,

# systemctl reload nginx

Now we can access our website with the https followed by the website URL,

https://example.com

Since we are using a self-signed certificate, we might get a warning but we can ignore that & click on ‘Proceed anyway’ to open the website.


Additional Parameters for SSL

The above-mentioned parameters are the basic configuration for SSL. We can also select a number of other options, such as TLS versions & cipher suites, depending on our needs.

An example of the additional parameters that can be used is,

server {
    listen 443 ssl;
    server_name example.com;
    ssl_certificate /etc/nginx/ssl/test.crt;
    ssl_certificate_key /etc/nginx/ssl/test.key;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    root /var/www/html;
    index index.html index.htm;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); list them only if legacy clients require it
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    # Quotes must be plain ASCII double quotes, not typographic ones
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
    ssl_ecdh_curve secp384r1;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 8.8.8.8 8.8.4.4 valid=300s;
    resolver_timeout 5s;
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;
}
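A server block like this one can be checked mechanically before it is loaded. The script below is an added example, not part of the original post; it flags deprecated protocol versions, typographic quotes introduced by copy-paste, and an ssl_dhparam path that does not exist. The function names and the sample configuration are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): lint an nginx TLS server block
# for three problems before running `systemctl reload nginx`.

# audit_tls_conf FILE: prints one finding per line, nothing if the file is clean.
audit_tls_conf() {
    conf=$1
    # 1. SSLv3, TLS 1.0 and TLS 1.1 are deprecated (RFC 7568, RFC 8996).
    awk '$1 == "ssl_protocols" {
        gsub(/;/, "")
        for (i = 2; i <= NF; i++)
            if ($i == "SSLv3" || $i == "TLSv1" || $i == "TLSv1.1")
                print "weak-protocol " $i
    }' "$conf"
    # 2. Typographic quotes copied from a rendered web page are not quote
    #    characters to nginx, so the directive value is wrong or fails to parse.
    grep -n -e '“' -e '”' "$conf" | sed 's/^\([0-9]*\):.*/smart-quote line \1/'
    # 3. nginx refuses to load a configuration whose ssl_dhparam file is missing.
    awk '$1 == "ssl_dhparam" { sub(/;$/, "", $2); print $2 }' "$conf" |
    while IFS= read -r dh; do
        [ -f "$dh" ] || echo "missing-dhparam $dh"
    done
    return 0
}

# Constructed sample: the directives of an extended server block that the
# checks look at, with curly quotes of the kind copy-paste introduces.
write_sample_conf() {
    cat <<'EOF'
server {
    listen 443 ssl;
    server_name example.com;
    ssl_certificate /etc/nginx/ssl/test.crt;
    ssl_certificate_key /etc/nginx/ssl/test.key;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers “EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH”;
    add_header Strict-Transport-Security “max-age=63072000; includeSubdomains”;
}
EOF
}

# Usage: audit_tls_conf /etc/nginx/conf.d/ssl.conf
```
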

This completes our tutorial on how to perform Nginx SSL configuration & install an SSL certificate in Nginx. Please feel free to send in any questions or queries using the comment box below.
