I go over how I configured nginx-certbot for a domain and tested it using SSL Labs.
You will learn that a name provider doesn’t have to explicitly support Let’s Encrypt to provide certificates and you can get a secure website running in minutes, well, for me hours. I’m writing this so next time it will be minutes for me. ;-)
This article will take you less than six minutes to read.
Having my own domain that’s on a secure web server has been on my “To Do” list for a long time.
I took the approach of using nginx-certbot to solve this problem. There are other valid solutions to this problem; I took the simplest solution first and am seeing it through.
Getting a secure web server with proper certificates is tricky. Security, encryption, and configuration are tricky. I want to start with a turnkey solution, then try more.
I may experiment with different solutions in the future.
If you would like to follow along, you will need the following:
- An Internet domain name for which you can set the DNS Hostname entry
- An Internet-accessible server with ports 80 & 443 open that can run Docker
To have a secure web server, you need to have a registered domain you control. The main part to control is setting the DNS Hostname (A) entry for the hostname, pointing to the IP address of your server.
If you’re hosting the server from your home Internet, you can find the IP address, using: https://whatsmyip.org
Free (temporary) Domain
A domain name you can control will cost money. If you just want to test out the whole process, you can get a free domain from online providers that offer Dynamic DNS services.
I use No-IP’s free domain to map one of their domains to a server.
Some example domain names available:
and more - there are even more to choose from if you subscribe to their enhanced plan.
For this test, you don’t need a powerful server at all. The essential requirements for the server are:
- the server has ports 80 & 443 accessible on the Internet
- can install docker and docker-compose
In my case, I use an AWS EC2 instance running Ubuntu 18.04 LTS. This is my go-to setup for a server online.
nginx-certbot uses Docker containers, so you will have to
install Docker on the hosting computer.
Installation instructions for Docker are available at:
Linux Installation Steps for Ubuntu
Below are the commands to install docker, copied for reference (and my future reference.)
nginx-certbot uses Docker Compose to configure and bring up the
system. The system uses two docker containers: one to get the
certificates and another to serve web content.
To install Docker Compose, see https://docs.docker.com/compose/install/
The following command is the installation command on Ubuntu (or any Linux system):
With the host server configured and accessible from a hostname, it's time
to get the star of this show:
The author has an article on how he made the whole system here.
For reference, I have a fork of the repository on my personal account as well.
nginx-certbot with Domain
Take the domain from the Internet domain step,
update the following command and run it to generate the
nginx-certbot and your domain.
Does the command look familiar? It should ^_-
nginx-certbot initialization script
With your domain configured for
nginx-certbot, run the
initialization script to get and set up the certificates from Let’s
Encrypt, the free HTTPS certificate
Everything should be green from the initialization script, which gets the certificates for your domain. Now to run the server:
If there are errors, validate the
app.conf configuration and re-run
script. Keep It Simple (for
now). It’s important to get things working instead of pre-configuring
Here’s the moment of truth: does the site work?? There are two ways to test:
- Use your browser
- Use another website
I will go over these in detail.
If you open up your browser to your domain, nothing will show up:
Oh, this looks like it’s not working!? Huh???
If the server were not working, there would be no response.
Upon closer inspection, viewing the browser’s Inspector network tool shows:
See the requests on the side with
301? Those are redirects and
something is happening. Eventually, the browser gives up and throws
This would be a frustrating experience if it were the only way to test your server’s configuration; hence the SSL Labs site check.
SSL Labs site check
Using your browser would be sufficient in most cases. In this case, I want to validate the HTTPS aspect and make sure the server has an encrypted connection with the client.
The easiest way to do this is to use SSL Labs’ SSL test feature. Go to the following web page:
And enter your domain.
When everything is all good, the page will look like:
Even though the browser shows an error for the site, SSL Labs’ check passes it.
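The two results can also be checked locally. The Python sketch below is an added example, not part of the original article or of nginx-certbot: it traces the redirects one hop at a time and, separately, summarizes the certificate from a verified TLS handshake. The hostname `example.test` and the sample responses are constructed, and the 301s looping back to the same URL is an assumption of the example, not something the article states.

```python
import http.client
import socket
import ssl
from urllib.parse import urljoin, urlsplit

REDIRECTS = {301, 302, 303, 307, 308}

# Constructed responses (not captured from a real server): port 80 redirects to
# HTTPS, then the HTTPS site keeps answering 301 back to itself (assumed loop).
SAMPLE = {
    "http://example.test/": (301, "https://example.test/"),
    "https://example.test/": (301, "https://example.test/"),
}

def fetch_once(url, timeout=5):
    """Issue one GET without following redirects; return (status, Location)."""
    parts = urlsplit(url)
    https = parts.scheme == "https"
    cls = http.client.HTTPSConnection if https else http.client.HTTPConnection
    target = (parts.path or "/") + ("?" + parts.query if parts.query else "")
    conn = cls(parts.netloc, timeout=timeout)
    try:
        conn.request("GET", target)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def trace_redirects(url, fetch=fetch_once, max_hops=10):
    """Follow redirects hop by hop; return (hops, verdict)."""
    hops, seen = [], set()
    while len(hops) < max_hops:
        if url in seen:  # the chain came back to a URL already requested
            return hops, "loop"
        seen.add(url)
        status, location = fetch(url)
        hops.append((url, status, location))
        if status not in REDIRECTS or not location:
            return hops, "ok" if 200 <= status < 300 else "error"
        url = urljoin(url, location)  # Location may be relative
    return hops, "too-many-hops"

def cert_summary(host, port=443, timeout=5):
    """Handshake with chain and hostname verification on; return
    (TLS version, issuer organization, expiry). Raises if verification fails."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock, \
            ctx.wrap_socket(sock, server_hostname=host) as tls:
        cert = tls.getpeercert()
        issuer = dict(rdn[0] for rdn in cert["issuer"])
        return tls.version(), issuer.get("organizationName"), cert["notAfter"]
```

Against a live server, call `trace_redirects("http://<your domain>/")` with the default fetcher and `cert_summary("<your domain>")`; a "loop" verdict alongside a successful certificate summary matches a browser error with a passing TLS check.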
For now, this is enough to validate the
nginx-certbot to serve more is another article.
If you have any problems, please contact me. There are numerous moving parts here that don’t talk to each other unless explicitly configured to do so.
That’s the beauty and frustration of the Internet. ;-)
I’ve documented the steps I took to bring up a secure nginx web server
on a new domain using
I really appreciate developers such as wmnnd for sharing useful tools like this, as setting up a secure web server without an automated process can be frustrating. nginx-certbot makes the process better and the Internet more secure!