SSL for everyone

Paying a large monthly bill for SSL certificates is insane, so let me show you how to get them for FREE. I was using Amazon Linux (CentOS).

Switch to root

sudo su

Let's follow some best practice

mkdir certbot
cd certbot

Download certbot-auto

curl -O

Make it executable

chmod +x certbot-auto

Now ask certbot to create a certificate for your domain (replace with your domain name)

./certbot-auto certonly --standalone -d

That's it. You should see the message below.

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for
Waiting for verification...
Cleaning up challenges

- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/ Your cert
will expire on 2017-10-04. To obtain a new or tweaked version of
this certificate in the future, simply run certbot-auto again. To
non-interactively renew *all* of your certificates, run
"certbot-auto renew"
- If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let's Encrypt:
Donating to EFF:

No need to worry about renewals: add a cron job that runs daily, checks whether any certificates are due for renewal, and renews them.

crontab -e

Press the i key and paste the line below.

@daily /home/ec2-user/certbot/certbot-auto renew

Press the Escape key, type :wq and press Enter.
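The cron job runs unattended, so a renewal that keeps failing (for example because the --standalone authenticator cannot bind its port while nginx is running) goes unnoticed until the certificate expires. The script below is an added example, not part of the original post: it uses openssl to flag certificates that are already past the point where certbot should have renewed them. The function names, the 20-day threshold and the cert.pem layout under /etc/letsencrypt/live are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): alert when the daily
# "certbot-auto renew" cron job has stopped keeping certificates fresh.
# Assumption: certbot's standard layout, <live dir>/<domain>/cert.pem.

# certbot renews at 30 days left, so fewer than this means renewals fail.
WARN_DAYS=${WARN_DAYS:-20}

# cert_status FILE [DAYS]: prints a status word and returns
# 0 = OK, 1 = EXPIRING within DAYS, 2 = EXPIRED, 3 = UNREADABLE.
cert_status() {
    cs_days=${2:-$WARN_DAYS}
    if ! openssl x509 -in "$1" -noout >/dev/null 2>&1; then
        echo UNREADABLE; return 3
    fi
    # -checkend N exits non-zero when the cert expires within N seconds.
    if ! openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1; then
        echo EXPIRED; return 2
    fi
    if ! openssl x509 -in "$1" -noout \
            -checkend $((cs_days * 86400)) >/dev/null 2>&1; then
        echo EXPIRING; return 1
    fi
    echo OK; return 0
}

# check_live_certs [LIVE_DIR]: reports every certificate under LIVE_DIR
# and returns the worst status code seen (3 if none were found at all).
check_live_certs() {
    cl_dir=${1:-/etc/letsencrypt/live}
    cl_worst=0; cl_seen=0
    for cl_cert in "$cl_dir"/*/cert.pem; do
        [ -e "$cl_cert" ] || continue
        cl_seen=1; cl_rc=0
        cl_status=$(cert_status "$cl_cert") || cl_rc=$?
        echo "$cl_status $cl_cert"
        if [ "$cl_rc" -gt "$cl_worst" ]; then cl_worst=$cl_rc; fi
    done
    [ "$cl_seen" -eq 1 ] || { echo "UNREADABLE no certificates in $cl_dir"; return 3; }
    return "$cl_worst"
}

# Run the check only when asked, e.g. from cron: sh check-certs.sh --check
if [ "${1:-}" = "--check" ]; then
    check_live_certs "${2:-/etc/letsencrypt/live}"
fi
```

Run it as root, since certbot restricts /etc/letsencrypt/live to root, and have cron mail you on a non-zero exit.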

Now you need to update nginx settings

vi /etc/nginx/nginx.conf

Replace “” in the snippet below with your domain (without http(s)://) and paste it before the last “}”

server {
        listen       443 ssl http2 default_server;
        listen       [::]:443 ssl http2 default_server;
        root         /usr/share/nginx/html;
        ssl_certificate "/etc/letsencrypt/live/";
        ssl_certificate_key "/etc/letsencrypt/live/";
        # It is *strongly* recommended to generate unique DH parameters
        # Generate them with: openssl dhparam -out /etc/pki/nginx/dhparams.pem 2048
        #ssl_dhparam "/etc/pki/nginx/dhparams.pem";
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout  10m;
        # TLSv1 and TLSv1.1 are deprecated (RFC 8996); offer TLSv1.2 only
        ssl_protocols TLSv1.2;
        ssl_prefer_server_ciphers on;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location / {
        }

        error_page 404 /404.html;
            location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
}

Restart nginx

 service nginx restart

Boom! Your server is secured with SSL!

I would like to thank “Letsencrypt” for continuing to secure servers for free.
