Free SSL Setup Guide - aelassas/bookcars GitHub Wiki

This guide shows you how to generate and renew free SSL certificates using Let's Encrypt and Certbot on Ubuntu for your BookCars deployment.

Table of Contents

  1. Prerequisites
  2. Generate Your Certificate
  3. Certificate Renewal
    3.1. Test Renewal
    3.2. Schedule Automatic Renewal
  4. You're All Set!

Prerequisites

  1. Install NGINX:

sudo apt update
sudo apt install nginx-full

  2. Install Certbot via Snap:

sudo apt update
sudo apt install snapd
sudo snap install core; sudo snap refresh core
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot

Generate Your Certificate

Run the following command to generate and install an SSL certificate using Certbot with NGINX:

sudo certbot --nginx -d domain.com -d www.domain.com -d admin.domain.com --redirect --non-interactive --agree-tos --email your-email@domain.com --keep-until-expiring

Your frontend will be accessible at https://domain.com

Your admin panel will be accessible at https://admin.domain.com

To ensure HTTP requests are redirected to HTTPS and to allow Let's Encrypt challenges, add the following NGINX configuration:

server {
    listen 80;
    server_name _;

    # Serve Let's Encrypt challenges without redirect
    location ^~ /.well-known/acme-challenge/ {
        root /var/lib/letsencrypt;
        default_type "text/plain";
        allow all;
    }

    # Redirect everything else to HTTPS
    location / {
        return 301 https://$host$request_uri;
    }
}

Then check the configuration and restart NGINX:

sudo nginx -t
sudo systemctl restart nginx

To confirm that Certbot certificate renewal will work, create a test challenge file and fetch it over plain HTTP:

sudo mkdir -p /var/lib/letsencrypt/.well-known/acme-challenge
echo "ok" | sudo tee /var/lib/letsencrypt/.well-known/acme-challenge/test
curl http://domain.com/.well-known/acme-challenge/test

You should see ok in the output.
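
The same check as a script, extended to also confirm that every other path is redirected to HTTPS on the same host. This is an added example, not part of the BookCars wiki; the function names and the probe file name are assumptions of the example.

```bash
#!/usr/bin/env bash
# Added example (not from the BookCars wiki): checks the port-80 behaviour
# that the NGINX server block above is meant to provide.

# Status code from the first line of a raw header dump on stdin.
parse_status() { awk 'NR==1 { sub(/\r$/, ""); print $2 }'; }

# Value of the Location header (empty if absent), CR stripped.
parse_location() {
    awk 'tolower($1) == "location:" { sub(/\r$/, ""); print $2; exit }'
}

# check_response KIND HOST PATH   (response headers on stdin)
#   challenge: must be answered directly over HTTP (200, no redirect)
#   other:     must be a 301 to the same host and path over HTTPS
check_response() {
    cr_headers=$(cat)
    cr_status=$(printf '%s\n' "$cr_headers" | parse_status)
    cr_location=$(printf '%s\n' "$cr_headers" | parse_location)
    case $1 in
        challenge) [ "$cr_status" = 200 ] && [ -z "$cr_location" ] ;;
        other)     [ "$cr_status" = 301 ] && [ "$cr_location" = "https://$2$3" ] ;;
        *)         return 2 ;;
    esac
}

# Live check against a deployed host; needs sudo, curl and network access.
# The probe file name is an assumption of this example.
verify_host() {
    vh_dir=/var/lib/letsencrypt/.well-known/acme-challenge
    vh_probe="probe-$$"
    vh_rc=0
    sudo mkdir -p "$vh_dir"
    echo ok | sudo tee "$vh_dir/$vh_probe" >/dev/null
    curl -sI --max-time 10 "http://$1/.well-known/acme-challenge/$vh_probe" |
        check_response challenge "$1" "" ||
        { echo "FAIL: challenge path is not served over plain HTTP"; vh_rc=1; }
    curl -sI --max-time 10 "http://$1/" |
        check_response other "$1" / ||
        { echo "FAIL: / is not redirected to https://$1/"; vh_rc=1; }
    sudo rm -f "$vh_dir/$vh_probe"
    return "$vh_rc"
}

# Run the live check only when a host name is given: ./check.sh domain.com
if [ "$#" -gt 0 ]; then verify_host "$1"; fi
```

A redirect on the challenge path, or a redirect whose Location points at a different host, is reported as a failure.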

Certificate Renewal

Test Renewal

To test certificate renewal, run the following command:

sudo certbot renew --dry-run

Schedule Automatic Renewal

To automatically renew certificates before expiration, edit the crontab:

sudo crontab -e

Add the following cron job:

00 00,12 * * * certbot renew --post-hook "systemctl restart nginx bookcars"

This cron job is scheduled to run Certbot twice daily and restart the nginx and bookcars services if certificates are renewed. It runs at 00:00 and 12:00 every day.

You're All Set!

Your BookCars platform is now secured with HTTPS and automatically renews certificates before they expire. Be sure to monitor email notifications from Let's Encrypt in case of issues.