The main aim of Let’s Encrypt is to make the internet secure by making SSL certificates accessible to all with ease. In this tutorial, we will learn to create a free SSL certificate using Let’s Encrypt in Linux.

Recommended Read: Beginner’s guide to NGINX SSL CONFIGURATION

Also Read: Create a SELF-SIGNED SSL Certificate in Linux

So let’s start with the tutorial.

Install Certbot in Linux

We will be using certbot to create a free Let’s Encrypt SSL certificate in Linux. Let’s discuss how we can install certbot on various Linux distros.

Ubuntu/popOS/Debian/LinuxMInt

For their distributions, we need to have snap package manager installed, as the certbot packages are maintained on snap repositories.

The Snap package manager is installed on all the new versions of Ubuntu. If you are still using an older version of Ubuntu, then you can install the snap package manager using the following command,

$ sudo apt-get install snapd

Once the snap is installed, we can then install certbot on the system. But before we do that, just make sure that there are not any other versions of certbot installed on the system, & if they are, we need to remove them,

$ sudo apt-get remove certbot

Now install the certbot with the help of snap,

$ sudo snap install –classic certbot

CentOS/RHEL

For CentOS & RHEL, we need to have an EPEL repository on the system to install certbot. Install the EPEL repository using the following command,

# yum install epel-release

Now we can install the certbot with the following command,

# yum install certbot

Now let’s proceed ahead with the SSL creation.

Create free SSL certificate using Let’s Encrypt in Linux

Now when the certbot has been installed, we can create the free SSL certificate using Let’s Encrypt in Linux with the following command,

$ sudo certbot certonly -d thelinuxgurus.com –manual –preferred-challenges dns

See the screenshot above, mainly the highlighted part. I know the cert was not created for my domain as i already have a SSL cert & did not want to add a TXT record in DNS. But if you need an SSL certificate, you must prove the domain ownership by adding the TXT DNS record as mentioned for you, when you run the command.

Once you have added the record, wait for some time as DNS records can take some time to propagate successfully. After that press ENTER to confirm & verify the DNS record to create a certificate successfully.

Once the certificate is created, you can manually install the certificate on a web server of your choice or on WordPress using CPanel, etc.

If you need to renew the certificate, then you can run the following command,

$ sudo certbot renew

You can also dry run to simulate the certificate renewal with the following command,

$ sudo certbot renew –dry-run

This completes our tutorial on how to create a free SSL certificate using Let’s Encrypt in Linux.

The post How to create a free SSL certificate using Let’s Encrypt in Linux appeared first on The Linux GURUS.

In this tutorial, we will discuss how we can perform Nginx SSL configuration to configure a SSL certificate to secure our websites hosted on Nginx. So start the complete process for Nginx SSL configuration but let’s discuss the prerequisites first.

Pre-requisites

• Must have Nginx installed on our systems, you can refer to our tutorials to install Nginx on CentOS/RHEL or Ubuntu or even install Nginx from source.

Now let’s move on to Nginx SSL configuration part. We will first be creating a self-signed certificate first  & then will configure the Nginx web server to use that certificate.

Recommended Read: Create a SELF-SIGNED SSL Certificate in Linux

Also Read: How to Host Multiple Websites with Nginx in Linux

Create a self signed certificate

Create a certificate with the following command,

$ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /home/shusain/test.key -out /home/shusain/test.crt

here, openssl command is used for managing ssl,

req –x509 is public key infrastructure for ssl,

-nodes, means we don’t need a passphrase,

-days 365 is the validity of the certificate in days,

-newkey rsa:2048  means cert will 2048 bit long & uses RSA as encryption,

-keyout,provides the location for private key,

-out provides the place our SSL certificate.

So now, we have our private key (home/shusain/test.key) & a self signed certificate (home/shusain/test.crt). We need both these to configure ssl certificates in nginx.

So let’s move them to a new folder for ease of administration,

# mkdir /etc/nginx/ssl

# mv /home/shusain/test.key /etc/nginx/ssl/

# mv /home/shusain/test.crt /etc/nginx/ssl/

Now let’s move on to next step i.e. Nginx SSL configuration.

Nginx SSL configuration

Now that we have the required private key and certificate with us, we configure the SSL certificate in Nginx. We can use ‘/etc/nginx/nginx.conf’ to configura the ssl in Nginx but it is advisable to create a separate file for ssl,

# vi /etc/nginx/conf.d/ssl.conf

& enter the following lines to the file,

server {

    listen 443 ssl;

    server_name example.com;

    ssl_certificate /etc/nginx/ssl/test.crt;

    ssl_certificate_key /etc/nginx/ssl/test.key;

    ssl_dhparam /etc/ssl/certs/dhparam.pem;

root /var/www/html;

index index.html index.htm index.nginx-debian.html;

}

All we have to do is to reload the nginx configuration to complete the Nginx SSL configuration & install ssl certificate in Nginx,

# systemctl reload nginx

Now we can access our website with the https followed by the website URL,

https://example.com

Since we are using a self-signed certificate, we might get a warning but we can ignore that & click on ‘Proceed anyway’ to open the website.

Additional Parameters for SSL

The above-mentioned parameters are the basic configuration for SSL, we can actually select a number of options like TLS versions. Ciphers suites as well depending on our need.

An example to additional parameters that can be used are,

server {

    listen 443 ssl;

    server_name example.com;

    ssl_certificate /etc/nginx/ssl/test.crt;

    ssl_certificate_key /etc/nginx/ssl/test.key;

    ssl_dhparam /etc/ssl/certs/dhparam.pem;

    root /var/www/html;

     index index.html index.htm;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    ssl_prefer_server_ciphers on;

    ssl_ciphers “EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH”;

    ssl_ecdh_curve secp384r1;

    ssl_session_cache shared:SSL:10m;

    ssl_session_tickets off;

    ssl_stapling on;

    ssl_stapling_verify on;

    resolver 8.8.8.8 8.8.4.4 valid=300s;

    resolver_timeout 5s;

    add_header Strict-Transport-Security “max-age=63072000; includeSubdomains”;

    add_header X-Frame-Options DENY;

    add_header X-Content-Type-Options nosniff;

}

This completes our tutorial on how to perform Nginx SSL configuration & install a SSL certificate in Nginx. Please feel free to send in any questions or queries using the comment box below.

The post Beginner’s guide to NGINX SSL CONFIGURATION appeared first on The Linux GURUS.

To avoid such unencrypted data transfers, we use SSL certificates. SSL or Secure Socket Layer is a protocol that is used for securing encrypt our website traffic. This avoids data theft, even if the data would have been intercepted by a 3rd party, it will be useless to them as the encryption used to secure the traffic is quite strong. 

SSL certificates are of such importance that now almost all web browsers show a warning when we are visiting a website that does not have a valid SSL certificate in use.

The SSL certificate that is used to secure the websites on the Public internet uses SSL certificates that are signed by Certification Authorities (CA) like Comodo, GeoTrust, Symantec, etc & they charge a fee for that. And then there are CAs like Let’s Encrypt which provide SSL certificate for free but for a lesser duration.

But we might not require any of these SSLs when we are using an SSL certificate for the testing environment or for development purposes. There we can only use self-signed certificates.

Recommended Read: How to create an SSL certificate with certbot

Also Read: How to install NGINX from Source packages in Linux

In this tutorial, we will discuss how to create a self-signed certificate in Linux. Let’s discuss the process,

Create Self Signed SSL certificate in Linux

To create a self-signed certificate in Linux, we need to have packages named ‘openssl’ & ‘mod_ssl’ installed on our system. Openssl is installed by default on all Linux distributions & we can install mod_ssl with the following command,

# yum install mod_ssl

Now we can create the SSL certificate using the openssl command mentioned below,

# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /home/shusain/ssl.key -out  /home/shusain/ssl.crt

To describe the command mentioned above, 

openssl is the command for managing SSL,

req –x509 is the public key infrastructure for SSL,

-nodes, means we don’t need a passphrase,

-days 365 is the validity of the certificate in days

-newkey rsa:2048  means cert will 2048 bit long & uses rsa encryption,

-keyout, is the location to Private key,

-out is the location for the certificate.

We need to have both  /home/shusain/ssl.key &  /home/shusain/ssl.cert to configure it in our webserver. We will be discussing how we can install an SSL certificate in our Nginx as well as Apache in our future tutorials. Please feel free to send in any questions or queries using the comment box below.

The post Create a SELF-SIGNED SSL Certificate in Linux appeared first on The Linux GURUS.

In this tutorial, we will learn how to install Ngnix on CentOS & RHEL servers. There are two ways with which we can install the Nginx on CentOS & RHEL, either using EPEL repositories or using the Nginx official repositories.

Recommended Read: How to install NGINX on Ubuntu

Also Read: Scheduling CRON Jobs with Crontab for Beginners

Install Nginx on CentOS/RHEL using the EPEL repository

Nginx packages are not maintained on the default CentOS/RHEL repositories & are available on the EPEL repositories. So we need to install EPEL repositories on it first.

We have already discussed in detail how we can install the EPEL repository on CentOS in our tutorial HERE. You can also run the following

CentOS/RHEL 6/7

# yum install epel-release

CentOS/RHEL 8

# dnf install epel-release

Once the EPEL repository has been installed, we can then install nginx with the following command,

# yum install nginx

Once the nginx is installed, we can then start the nginx service with the following command,

# systemctl start nginx

To enable the server at boot time, run the following command,

# systemctl enable nginx

When the nginx service has started, we can access the default nginx webpage with the system IP address from a browser,

http://IP_ADDRESS_OF_THE_SERVER

Install Nginx on CentOS using the Official Nginx repository

For enabling the official Nginx repositories, we need to create the repository files for nginx repos. Create a file ‘/etc/yum.repos.d/ngnix.repo’ & enter the following details,

# vi /etc/yum.repos.d/nginx.repo

[nginx]

name=nginx repo

baseurl=https://nginx.org/packages/$OS/$releaserver/$basearch/

gpgcheck=0

enabled=1

Here, we need to update the following values as per the OS type & version number, i.e.,

OS – rhel or centos

releaseserver – 6, 7 or 8

For example, the entry for Centos 7 would be,

[nginx]

name=nginx repo

baseurl=https://nginx.org/packages/centos/7/basearch/

gpgcheck=0

enabled=1

Similarly, replace Centos with rhel for rhel 7 Nginx repository. Now, all we need is to install Nginx with the following command,

# yum install nginx

Now, start the nginx service & access the default webpage.

This completes our tutorial on how to install nginx on CentOS/RHEL. You can also check our tutorial on how to host multiple websites on Nginx HERE & if you have any questions/queries, please do let us know using the comment box below.

The post How to install Nginx on CentOS/RHEL appeared first on The Linux GURUS.