Mastering Let's Encrypt for Your Web Server: A Practical Configuration Guide

Configuring Let's Encrypt for your hosting platform is now standard practice for any website operator. This guide outlines the key steps to obtain a publicly trusted certificate with Certbot, the ACME client that most distributions package, and to keep it renewed without manual work.

Prerequisites and Initial Setup

Before starting, verify that a DNS A (or AAAA) record for your domain points to the VPS, because Let's Encrypt proves control of the domain by connecting to it. You need root (or sudo) access and a running web server such as Nginx or Apache. Install the Let's Encrypt client from your OS repository: on Debian or Ubuntu, run `sudo apt install certbot`; on CentOS or RHEL, run `sudo yum install certbot` (the package comes from the EPEL repository, which must be enabled first). If you want Certbot to edit the web server configuration for you, also install the matching plugin package, for example `python3-certbot-nginx` or `python3-certbot-apache`.

Obtaining the Certificate

The simplest method is the web server plugin, which obtains the certificate and edits your virtual host in one step. For Apache, run: `sudo certbot --apache -d example.com -d www.example.com`; for Nginx, use `--nginx` instead. Certbot then completes domain validation (the HTTP-01 challenge) by letting Let's Encrypt fetch a token from your server over port 80. If you prefer to keep the server configuration under your own control, use the webroot method: `sudo certbot certonly --webroot -w /var/www/html -d example.com`. This writes the challenge token under `/var/www/html/.well-known/acme-challenge/`, which your web server must serve over plain HTTP. The standalone plugin (`sudo certbot certonly --standalone`) is the alternative when nothing is listening on port 80 yet: it starts its own temporary listener there, so it cannot be used while the web server is running on that port.
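A pre-flight check for the webroot method, added here as an example and not part of the original guide: it writes a constructed token at the exact path the Let's Encrypt validation server will request, reads it back locally, and optionally fetches it over plain HTTP the way the ACME server does, so a wrong webroot or a "deny dotfiles" rule is caught before Certbot is run. The webroot path, domain and token value are assumptions to replace with your own.

```shell
#!/bin/sh
# Added example (not from the original guide): pre-flight check for the
# HTTP-01 webroot method. Paths, domain and token are assumptions.

# Directory that "certbot --webroot -w WEBROOT" writes tokens into.
acme_challenge_dir() {
    printf '%s/.well-known/acme-challenge' "$1"
}

# Create the challenge directory (idempotent). Returns 0 on success.
prepare_challenge_dir() {
    mkdir -p "$(acme_challenge_dir "$1")"
}

# Write a test token file: $1 webroot, $2 token, $3 expected body.
place_test_token() {
    dir=$(acme_challenge_dir "$1")
    printf '%s' "$3" > "$dir/$2"
}

# Verify the token file exists locally with exactly the expected body.
# Returns 0 when it matches, 1 when missing or different.
verify_local_token() {
    f="$(acme_challenge_dir "$1")/$2"
    [ -f "$f" ] || return 1
    [ "$(cat "$f")" = "$3" ]
}

# Verify the token is reachable over HTTP the way Let's Encrypt fetches it:
# $1 domain, $2 token, $3 expected body. Follows redirects (-L), as the
# validation server does. Needs network access and a running web server,
# so it is not exercised offline.
verify_remote_token() {
    body=$(curl -fsSL --max-time 10 "http://$1/.well-known/acme-challenge/$2") || return 1
    [ "$body" = "$3" ]
}

# Remove the test token once the check is done.
remove_test_token() {
    rm -f "$(acme_challenge_dir "$1")/$2"
}

# Usage (constructed values; a real ACME token is 43 base64url characters
# and its body is "<token>.<account key thumbprint>"):
#   prepare_challenge_dir /var/www/html
#   place_test_token /var/www/html preflight-test preflight-test.ok
#   verify_local_token /var/www/html preflight-test preflight-test.ok && echo "local: ok"
#   verify_remote_token example.com preflight-test preflight-test.ok && echo "remote: ok"
#   remove_test_token /var/www/html preflight-test
```

If the local check passes but the remote one fails, the web server is not serving the webroot for that host on port 80 (wrong `root`, a rule denying dot-directories, or a firewall), which is exactly the failure Certbot would report as an unauthorized or connection-refused challenge.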

Web Server Configuration Adjustments

After obtaining the certificate with `certonly`, update your site configuration to reference the certificate files (the `--nginx` and `--apache` plugins do this for you). Certbot keeps the current files under `/etc/letsencrypt/live/example.com/` as symlinks into its archive, so these paths stay valid across renewals. For Nginx, the directives are:

  • ssl_certificate: `/etc/letsencrypt/live/example.com/fullchain.pem`
  • ssl_certificate_key: `/etc/letsencrypt/live/example.com/privkey.pem`

The Apache equivalents are `SSLCertificateFile` and `SSLCertificateKeyFile`, pointing at the same two files. Use `fullchain.pem` rather than `cert.pem`: it contains the intermediate certificate as well, and clients that are not sent the intermediate will reject the connection.

Redirect HTTP to HTTPS with a permanent (301) redirect. In Nginx, put `return 301 https://$host$request_uri;` in the port-80 server block; in Apache, use `Redirect permanent / https://example.com/` in the port-80 virtual host, or `RewriteEngine On` with a matching `RewriteRule`. The redirect does not break later renewals, because Let's Encrypt follows redirects when fetching the challenge token, but the redirected HTTPS site must then serve `/.well-known/acme-challenge/` from the same webroot.

Automated Renewal and Verification

Let's Encrypt certificates expire after 90 days, so renewal has to be automated. The Certbot package installs a systemd timer (or a cron job) that runs `certbot renew` twice a day and renews any certificate that is within 30 days of expiry. Test the process with `sudo certbot renew --dry-run`, which performs the full validation against the Let's Encrypt staging environment without issuing a real certificate. Review `/var/log/letsencrypt/letsencrypt.log` for errors. If renewal fails, the usual cause is that port 80 is no longer reachable (a firewall change, or a DNS record that now points elsewhere), since HTTP-01 validation must reach your server over plain HTTP. Note that a certificate obtained with `certonly` is renewed on disk but the web server is not reloaded, so it keeps serving the old one; add `--deploy-hook "systemctl reload nginx"` to the renew command, or place a script in `/etc/letsencrypt/renewal-hooks/deploy/`, so the new certificate is actually served.

Security Hardening (Optional but Recommended)

To improve security, enable HTTP Strict Transport Security (HSTS) by adding `add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;` to the HTTPS server block (in Apache, `Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"`, which requires `mod_headers`). Send the header only over HTTPS, and only once every subdomain is served over HTTPS: browsers that have seen it refuse plain-HTTP access to the whole domain for the max-age period, so an HTTP-only subdomain becomes unreachable. Also restrict the protocols to TLS 1.2 and TLS 1.3, which removes SSLv3 as well as TLS 1.0 and 1.1, and use modern AEAD cipher suites. Such a configuration protects your visitors against downgrade and man-in-the-middle attacks on the transport.

By following these instructions, your web server serves a free, automatically renewed Let's Encrypt certificate, giving every visitor an encrypted connection and assurance that they are talking to the server that controls the domain name.
