Https With Letsencrypt And Certbot

Tags: Azure, Let's Encrypt, NGINX

Dec 7th, 2018 - written by Kimserey.

Securing communication between client and server is a mandatory step when building a web application. Thanks to Let’s Encrypt, it is now free to set up an SSL certificate, and with Certbot, the ACME protocol implementation available on Ubuntu, it is a five-minute job to get it working with Nginx.

Today we will see how to set up HTTPS using Certbot's Nginx configuration on an Azure Ubuntu VM. This post is composed of three steps:

1. Prepare the VM
2. Install Nginx
3. Install Certbot

Prepare the VM

We start by creating an Azure VM running Ubuntu 18.04 with either password or SSH authentication, allowing inbound HTTP, HTTPS and SSH.

Once done, we can select a custom DNS name for our VM. This makes it easier to SSH into the VM, and it is also required for our SSL certificate setup.

We set the Assignment to Static, then we choose a DNS name label. Here we choose azure-test-vm, so the VM will be accessible at azure-test-vm.southcentralus.cloudapp.azure.com.

We should now be able to SSH into the VM using the command:

Install Nginx

Next, once we are in the VM, we can install Nginx with the following commands:

sudo apt-get update
sudo apt-get install nginx

Once installed, as we already opened the HTTP port during creation of the VM, we should be able to see the default Nginx page at http://azure-test-vm.southcentralus.cloudapp.azure.com.

Let’s then create a website configuration in Nginx under /etc/nginx/sites-available named as our server azure-test-vm.southcentralus.cloudapp.azure.com.

And paste the following configuration:

server {
  listen 80 default_server;
  listen [::]:80 default_server;

  server_name azure-test-vm.southcentralus.cloudapp.azure.com;

  root /var/www/html;
  index index.html index.htm index.nginx-debian.html;

  location / {
    try_files $uri $uri/ =404;
  }
}

To know more about Nginx, you can check out my previous blog post on how to set up ASP NET Core applications with Nginx.

We then remove the existing default setup by deleting the `default` file under `/etc/nginx/sites-enabled` and creating a symlink to our new configuration.

sudo rm /etc/nginx/sites-enabled/default
sudo ln -s /etc/nginx/sites-available/azure-test-vm.southcentralus.cloudapp.azure.com /etc/nginx/sites-enabled/azure-test-vm.southcentralus.cloudapp.azure.com

The /sites-enabled folder is the folder scanned by nginx, so the recommendation is to add configurations in /sites-available and then link them into /sites-enabled. That way we can disable them whenever we need to without losing them. For example, the default file is still available under /sites-available for reference.

Next we reload nginx with the following command:

sudo service nginx reload

If we navigate to http://azure-test-vm.southcentralus.cloudapp.azure.com/ we should see the same result as earlier, except that this time it is served from our own simplified configuration file.

Install Certbot

Lastly, to set up HTTPS, we will use Certbot, an implementation of the ACME protocol for Let's Encrypt, with its Nginx configuration.

We do so by executing the following commands:

sudo apt-get install software-properties-common
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-nginx
sudo certbot --nginx

We follow the wizard, which first asks for an email address used to let us know when the cert is close to expiry, then asks us to select the server, then asks whether we would like to redirect HTTP to HTTPS.

Once done, we should have our server served via HTTPS at https://azure-test-vm.southcentralus.cloudapp.azure.com/. If we click on the lock, we should see that our certificate is issued by Let's Encrypt.
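To confirm what the wizard wrote without relying on the browser lock alone, here is an added example that is not part of the original post: a shell function that audits a site file for the TLS listener, the certificate and key, and the HTTP to HTTPS redirect. The patterns assume the layout Certbot's Nginx plugin normally writes (files under /etc/letsencrypt/live/); the names check_tls_site and sample_conf and the sample file are constructed for illustration.

```shell
# Added example, not from the original post. Patterns assume Certbot's usual layout.
DOMAIN=azure-test-vm.southcentralus.cloudapp.azure.com   # DNS name used in the post

# check_tls_site FILE DOMAIN: prints one line per check, returns 0 if all pass.
check_tls_site() {
  conf=$1
  [ -r "$conf" ] || { echo "FAIL cannot read $conf"; return 2; }
  d=$(printf '%s' "$2" | sed 's/\./\\./g')   # escape dots before use in a regex
  live="/etc/letsencrypt/live/$d"
  body=$(sed 's/#.*$//' "$conf")             # commented-out directives do not count
  rc=0
  while IFS='|' read -r label pattern; do
    if printf '%s\n' "$body" | grep -Eq -- "$pattern"; then
      echo "OK   $label"
    else
      echo "FAIL $label"; rc=1
    fi
  done <<EOF
server_name is $2|^[[:space:]]*server_name[[:space:]][^;]*$d
TLS listener on 443|^[[:space:]]*listen[[:space:]]+(\[::]:)?443[[:space:]]+ssl
certificate chain under live/|^[[:space:]]*ssl_certificate[[:space:]]+$live/fullchain\.pem;
private key under live/|^[[:space:]]*ssl_certificate_key[[:space:]]+$live/privkey\.pem;
HTTP redirected to HTTPS|^[[:space:]]*return[[:space:]]+301[[:space:]]+https://
EOF
  return $rc
}

# Constructed sample: a site file as the wizard leaves it with the redirect option.
sample_conf() {
  cat <<EOF
server {
  server_name $DOMAIN;
  listen [::]:443 ssl ipv6only=on; # managed by Certbot
  listen 443 ssl; # managed by Certbot
  ssl_certificate /etc/letsencrypt/live/$DOMAIN/fullchain.pem; # managed by Certbot
  ssl_certificate_key /etc/letsencrypt/live/$DOMAIN/privkey.pem; # managed by Certbot
}
server {
  if (\$host = $DOMAIN) {
    return 301 https://\$host\$request_uri;
  } # managed by Certbot
  listen 80 default_server;
  server_name $DOMAIN;
  return 404; # managed by Certbot
}
EOF
}
t=$(mktemp); sample_conf > "$t"; check_tls_site "$t" "$DOMAIN"; rm -f "$t"   # demo
```

On the VM, pass the real file under /etc/nginx/sites-enabled/ as the first argument. A FAIL on the redirect line means the wizard was answered without the redirect option, so the site is still reachable over plain HTTP.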


Conclusion

Today we saw how to set up HTTPS on our server for free using Let's Encrypt. We started by looking at how to create a VM on Azure and set up a custom DNS name, then we moved on to installing Nginx and configuring a simple server directive, and finally we finished by installing an SSL cert configuration on Nginx using Certbot. Hope you like this post, see you on the next one!

Designed, built and maintained by Kimserey Lam.