This is just a quick note on installing Let’s Encrypt for Nginx on Ubuntu 18. Since there is a new way to automatically renew LE certs on Ubuntu 18, I am quickly documenting the steps for reference.
- Install Let’s Encrypt for Nginx:
apt install -y python-certbot-nginx
- Issue the necessary certs for your domains with LE (remember that you need to have Nginx server blocks for these domains first):
certbot --nginx -d YOUR_DOMAIN1.COM -d YOUR_DOMAIN2.COM
- We can check whether certbot is currently in the system timers for automatic renewal:
systemctl list-timers
- In order to reload nginx when certs are renewed, we can simply add a renewal hook to the /etc/letsencrypt/cli.ini file as follows:
renew-hook = systemctl reload nginx
- Note 1: you can of course use
certbot renew --pre-hook "service nginx stop" --post-hook "service nginx start"
for your scheduled tasks / cronjobs.
- Note 2: you can also create a bash file at /etc/letsencrypt/renewal-hooks/deploy/ to implement renewal hooks, just remember to make it executable.
- Done 🙂
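The deploy hook from Note 2, as an added example that is not part of the original post: it reloads nginx only if the renewed files are present and `nginx -t` passes, so a broken config does not take the site down at renewal time. The file name reload-nginx.sh and the NGINX_TEST_CMD / NGINX_RELOAD_CMD override variables are assumptions; RENEWED_LINEAGE is exported by certbot when it runs deploy hooks.

```sh
#!/bin/sh
# Added example of a certbot deploy hook, e.g. saved as
# /etc/letsencrypt/renewal-hooks/deploy/reload-nginx.sh (file name is an assumption).
# certbot runs deploy hooks once per successfully renewed certificate and
# exports RENEWED_LINEAGE (the live/ directory of that certificate).

# Overridable commands (assumed variable names) so the logic can be
# exercised on a machine without nginx installed.
NGINX_TEST_CMD="${NGINX_TEST_CMD:-nginx -t}"
NGINX_RELOAD_CMD="${NGINX_RELOAD_CMD:-systemctl reload nginx}"

# Return 0 if the lineage holds a non-empty certificate chain and private key.
lineage_ok() {
    [ -s "$1/fullchain.pem" ] && [ -s "$1/privkey.pem" ]
}

# Reload nginx only when the new files exist and the configuration parses.
# Return codes: 0 reloaded, 1 lineage incomplete,
#               2 config test failed, 3 reload failed.
deploy_to_nginx() {
    lineage="$1"
    if ! lineage_ok "$lineage"; then
        echo "deploy hook: fullchain.pem or privkey.pem missing in $lineage" >&2
        return 1
    fi
    if ! $NGINX_TEST_CMD >/dev/null 2>&1; then
        echo "deploy hook: nginx config test failed, not reloading" >&2
        return 2
    fi
    $NGINX_RELOAD_CMD || return 3
    return 0
}

# Act only when invoked by certbot, which sets RENEWED_LINEAGE.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    deploy_to_nginx "$RENEWED_LINEAGE"
fi
```

A non-zero exit from the hook shows up in the certbot renewal log, which makes a skipped reload visible.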
Bonus: Password protected folder
- Install apache2-utils so that we can use the htpasswd command:
apt install apache2-utils
- Create password with htpasswd:
htpasswd -c /home/MYDOMAIN/.htpasswd USERNAME
- Add a new block to nginx configuration to protect your private folder:
location /YOUR_FOLDER {
    autoindex on;
    auth_basic "Restricted";
    auth_basic_user_file /home/MYDOMAIN/.htpasswd;
}
- Restart nginx:
systemctl restart nginx
Bonus: Install Fail2Ban and use w/ SSH
- Install it:
apt-get install -y fail2ban
- Configure a new jail at /etc/fail2ban/jail.local:
[sshd]
enabled = true
port = 899
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
- Restart fail2ban:
systemctl restart fail2ban