TLS certificates (still commonly called SSL certificates) protect data in transit between users and your server. Let's Encrypt issues them for free, and the Certbot Cloudflare plugin proves control of the domain with the DNS-01 challenge, by creating a TXT record through the Cloudflare API, so issuance and renewal work even for a host that is not reachable from the internet. In this article, we'll walk through the steps to obtain a certificate and configure it in Nginx.
Requirements
- A domain whose DNS zone is hosted on Cloudflare (where the domain is registered does not matter; the plugin only needs to create TXT records in the zone).
- An Ubuntu server with superuser privileges configured.
- A Cloudflare account with an API token created for managing DNS. Use a scoped token, not the global API key: the permission Zone:DNS:Edit, restricted to the one zone you are issuing certificates for, is all the plugin needs.
- The Nginx web server installed.
Installation Steps
- Install Certbot and the Cloudflare DNS plugin from the Ubuntu repositories:
sudo apt update
sudo apt install certbot python3-certbot-dns-cloudflare
- Set up the Cloudflare credentials file. Create it with owner-only permissions from the start (the umask in the subshell means it is never world-readable, even for an instant), and note that a token typed on the command line ends up in your shell history; pasting it into the file with an editor avoids that:
(umask 077; echo "dns_cloudflare_api_token = your_token" > ~/credentials)
chmod 600 ~/credentials
Certbot warns when this file is group- or world-readable. Because ~ is expanded by your shell before sudo runs, the path below points into your own home directory, which root can read.
- Obtain the SSL certificate:
sudo certbot certonly \
--dns-cloudflare \
--dns-cloudflare-credentials ~/credentials \
-d yourdomain.name
After the command completes, Certbot stores the certificate under /etc/letsencrypt/live/yourdomain.name/. The files there are symlinks to the current versions in /etc/letsencrypt/archive/, which is why the paths used in the Nginx configuration stay valid after every renewal. You'll find the following files:
- fullchain.pem: the server certificate followed by the intermediate chain; this is what Nginx should serve.
- privkey.pem: the private key; keep it readable by root only.
- cert.pem and chain.pem: the leaf certificate and the intermediate chain on their own.
Configuring Nginx to use the SSL certificates:
Configure your Nginx server to work with the certificates you obtained. Open your site’s configuration file:
sudo nano /etc/nginx/sites-available/yourdomain.name
And add or edit the server block as follows. It terminates TLS in Nginx and proxies plain HTTP to an application listening on localhost, so that application must accept connections only from this proxy if it trusts the X-Forwarded-* headers. The block is the minimum that works; on releases of Nginx that still allow TLS 1.0 and 1.1 by default, add ssl_protocols TLSv1.2 TLSv1.3; to refuse legacy protocol versions.
server {
    listen 443 ssl;
    server_name yourdomain.name;

    # Symlinks under live/ are repointed by Certbot on each renewal, so these
    # paths never change; Nginx still has to be reloaded to read the new files.
    ssl_certificate /etc/letsencrypt/live/yourdomain.name/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/yourdomain.name/privkey.pem;

    location / {
        # TLS ends here; the application on localhost receives plain HTTP.
        proxy_pass http://localhost:YOUR_PORT;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Tells the application the client connected over HTTPS.
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# Plain-HTTP listener whose only job is to redirect to HTTPS.
server {
    listen 80;
    server_name yourdomain.name;
    return 301 https://$host$request_uri;
}
Reload Nginx: test the configuration first, then reload so that Nginx picks up the new server blocks without dropping existing connections (a full restart is not needed):
sudo nginx -t && sudo systemctl reload nginx
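The procedure above as a script, added here as an example and not taken from the original article: the credentials file is written with owner-only permissions from a token read out of the environment (so it never appears in shell history), checked before Certbot runs, and the certificate is requested with a deploy hook that tests and reloads Nginx after every renewal. The CF_API_TOKEN variable, the ~/.secrets/cloudflare.ini path and the "issue" argument that gates the Certbot call are assumptions of this example, not part of the original.

```bash
#!/usr/bin/env bash
# Added example: the article's steps as shell functions plus a renewal hook.
# Assumptions (not in the original article): the token arrives in the
# CF_API_TOKEN environment variable, the credentials file lives at
# ~/.secrets/cloudflare.ini, and certbot only runs when invoked as
# "./issue.sh issue DOMAIN", so the functions can be sourced and checked alone.

set -u

# Write the Cloudflare token to FILE with mode 0600 from the moment it exists.
# Reading the token from the environment keeps it out of shell history, unlike
# typing echo "dns_cloudflare_api_token = ..." at the prompt.
write_cloudflare_credentials() {
    local file="$1" token="${CF_API_TOKEN:-}"
    if [ -z "$token" ]; then
        echo "CF_API_TOKEN is not set" >&2
        return 1
    fi
    mkdir -p "$(dirname "$file")"
    # umask 077 in a subshell: the file is created 0600, with no window at 0644.
    ( umask 077; printf 'dns_cloudflare_api_token = %s\n' "$token" > "$file" )
}

# Pre-flight check: certbot warns about group/world-readable credentials, and a
# file without the token key fails at challenge time. Returns 0 when both are OK.
check_credentials() {
    local file="$1" mode
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
    # GNU stat first, BSD stat as fallback.
    mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
    case "$mode" in
        600|400) ;;
        *) echo "unsafe mode $mode on $file (want 600)" >&2; return 1 ;;
    esac
    grep -Eq '^dns_cloudflare_api_token[[:space:]]*=[[:space:]]*[A-Za-z0-9_-]+[[:space:]]*$' "$file" \
        || { echo "no dns_cloudflare_api_token in $file" >&2; return 1; }
}

# Request the certificate with the DNS-01 challenge. --deploy-hook is saved by
# certbot in /etc/letsencrypt/renewal/DOMAIN.conf, so the same config test and
# reload run after every unattended renewal, not just this first issuance.
issue_certificate() {
    local domain="$1" creds="$2"
    check_credentials "$creds" || return 1
    sudo certbot certonly \
        --dns-cloudflare \
        --dns-cloudflare-credentials "$creds" \
        --deploy-hook 'nginx -t && systemctl reload nginx' \
        -d "$domain"
}

# Exercise unattended renewal end to end (DNS challenge plus hook) against the
# staging environment, and show the timer the Ubuntu package installed.
verify_renewal() {
    sudo certbot renew --dry-run
    systemctl list-timers certbot.timer --no-pager
}

if [ "${1:-}" = "issue" ]; then
    creds="$HOME/.secrets/cloudflare.ini"
    write_cloudflare_credentials "$creds"
    issue_certificate "${2:?usage: $0 issue DOMAIN}" "$creds"
    verify_renewal
fi
```

Run it as CF_API_TOKEN=... ./issue.sh issue yourdomain.name. The deploy hook is the part the article's manual steps lack: Certbot's timer renews the files under /etc/letsencrypt on its own, but Nginx keeps serving the certificate it loaded at start-up until something reloads it.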
Conclusion
With Cloudflare, Let's Encrypt, and Nginx, you can set up a secure connection for your site even without a public (white) IP address, because the DNS-01 challenge never requires Let's Encrypt to reach the server. The process comes down to obtaining a certificate and integrating it into the web server. Make sure automatic renewal is in place, since the certificates are valid for only 90 days: the Ubuntu certbot package installs a systemd timer (certbot.timer) that runs certbot renew, and sudo certbot renew --dry-run confirms that the DNS challenge still succeeds unattended. Renewal alone is not enough, though; Nginx keeps serving the certificate it loaded until it is reloaded, so register a deploy hook (for example --deploy-hook "systemctl reload nginx" on the certbot command, or a script in /etc/letsencrypt/renewal-hooks/deploy/) that reloads Nginx after each renewal.