- Ubuntu 20.04
- Nginx
- Certbot
- Watch this before: How to Secure Nginx with Lets Encrypt on Ubuntu 20.04 with Certbot? - https://youtu.be/R5d-hN9UtpU
- Request wildcard certificate (--test-cert issues from the Let's Encrypt staging CA, so the result is not browser-trusted; drop it for the real certificate. A --manual certificate also will not renew unattended unless you add --manual-auth-hook or switch to a DNS plugin)
  sudo certbot certonly --manual --preferred-challenges dns --test-cert
- Enter *.devopsbyexample.io (a wildcard name covers exactly one subdomain label, so it does not cover the bare devopsbyexample.io; add that name as well if the apex must be served)
- Create TXT record with the following value:
  _acme-challenge.devopsbyexample.io. - <generated value>
- Anycast
- Verify with dig -t txt
  dig -t txt +short _acme-challenge.devopsbyexample.io
- Press enter
  Certificate is saved at: /etc/letsencrypt/live/devopsbyexample.io/fullchain.pem
  Key is saved at: /etc/letsencrypt/live/devopsbyexample.io/privkey.pem
- Decode certificate (check the DNS entries under Subject Alternative Name; that is the list of names the certificate actually covers)
  sudo openssl x509 -in /etc/letsencrypt/live/devopsbyexample.io/fullchain.pem -text -noout
- Create folder for website
  sudo mkdir -p /usr/share/devopsbyexample.io/html
- Update ownership
  sudo chown -R $USER:$USER /usr/share/devopsbyexample.io/html
- Update permissions
  sudo chmod -R 755 /usr/share/devopsbyexample.io
- Create index.html page
  vi /usr/share/devopsbyexample.io/html/index.html
  <html>
  <head>
  <title>Welcome!</title>
  </head>
  <body>
  <h1>Wildcard server block is working!</h1>
  </body>
  </html>
- Create nginx server block
  sudo vi /etc/nginx/conf.d/devopsbyexample.io.conf
  server {
      listen 80;
      root /usr/share/devopsbyexample.io/html;
      index index.html;
      server_name *.devopsbyexample.io;
      location / {
          try_files $uri $uri/ =404;
      }
  }
- Test nginx config
  sudo nginx -t
- Reload nginx config
  sudo nginx -s reload
- Create api.devopsbyexample.io and hello.devopsbyexample.io A records
- Try https://api.devopsbyexample.io/
- Verify with dig
  dig +short api.devopsbyexample.io
  dig +short hello.devopsbyexample.io
- Check in the browser http://api.devopsbyexample.io
- Update nginx config
  sudo vi /etc/nginx/conf.d/devopsbyexample.io.conf
  server {
      listen 80;
      server_name *devopsbyexample.io;
      return 301 https://$host$request_uri;
  }
  server {
      listen 443 ssl;
      ssl_certificate /etc/letsencrypt/live/devopsbyexample.io/fullchain.pem;
      ssl_certificate_key /etc/letsencrypt/live/devopsbyexample.io/privkey.pem;
      ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
      ssl_ciphers HIGH:!aNULL:!MD5;
      ...
  }
- Test nginx config (it fails: *devopsbyexample.io is not a valid nginx wildcard)
  sudo nginx -t
- Fix server_name: nginx only accepts the asterisk as a whole leftmost label, so it must be *.devopsbyexample.io, and the 443 block needs the same server_name. While editing, drop TLSv1 and TLSv1.1 from ssl_protocols (both deprecated by RFC 8996) and keep TLSv1.2 plus TLSv1.3; nginx 1.18 with OpenSSL 1.1.1 on Ubuntu 20.04 supports TLS 1.3.
- Reload nginx config
  sudo nginx -s reload
- Go to https://api.devopsbyexample.io/ and https://hello.devopsbyexample.io/
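Two checks worth running once the certificate and the server block are in place, as an added example written for these notes (shell; not code from the video or its author): whether the names in the issued certificate actually cover a given hostname (the single-label wildcard rule is why api. and hello. work while the bare domain does not), and whether an nginx server block still enables TLS 1.0/1.1. The hostnames are the ones used above; the SAN list and the two server blocks in the script are constructed for the demo, and `cert_sans` is the hypothetical helper that reads the real list from fullchain.pem.

```shell
#!/bin/sh
# Added example for these notes, not code from the video or its author.
# Assumes the names used above (devopsbyexample.io, api./hello.); the SAN
# list and the config snippets below are constructed for the demo.

# Does one certificate name (exact or wildcard) cover HOSTNAME?
# Browsers and curl accept '*' only as the whole leftmost label, and it
# matches exactly one label: *.devopsbyexample.io covers
# api.devopsbyexample.io but neither devopsbyexample.io (the apex)
# nor a.b.devopsbyexample.io.
san_matches() {
  hostname=$1
  san=$2
  case "$san" in
    '*.'*)
      suffix=${san#\*.}
      prefix=${hostname%".$suffix"}
      [ "$prefix" != "$hostname" ] || return 1   # must end in ".suffix"
      [ -n "$prefix" ] || return 1               # and have a label before it
      case "$prefix" in *.*) return 1 ;; esac    # exactly one label
      return 0
      ;;
    *)
      [ "$hostname" = "$san" ]
      ;;
  esac
}

# Is HOSTNAME covered by any of the remaining arguments (the cert's SANs)?
cert_covers() {
  hostname=$1
  shift
  for san in "$@"; do
    san_matches "$hostname" "$san" && return 0
  done
  return 1
}

# Pull the DNS SANs out of a PEM certificate as one space-separated line,
# e.g. cert_sans /etc/letsencrypt/live/devopsbyexample.io/fullchain.pem
cert_sans() {
  openssl x509 -in "$1" -noout -text \
    | grep -A1 'Subject Alternative Name' | tail -n 1 \
    | tr ',' '\n' | sed -n 's/^ *DNS://p' | tr '\n' ' '
}

# Succeeds only if no ssl_protocols directive in the config text given as $1
# still enables TLS 1.0 or TLS 1.1 (both deprecated by RFC 8996).
tls_protocols_ok() {
  ! printf '%s\n' "$1" \
    | grep -E '^[[:space:]]*ssl_protocols[[:space:]]' \
    | grep -Eq 'TLSv1(\.1)?([[:space:]]|;)'
}

# The 443 block from the notes beside a hardened version: TLS 1.0/1.1
# dropped, TLS 1.3 enabled, server_name spelled the way nginx expects.
WEAK_TLS_BLOCK='server {
    listen 443 ssl;
    server_name *devopsbyexample.io;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}'
HARDENED_TLS_BLOCK='server {
    listen 443 ssl;
    server_name *.devopsbyexample.io;
    ssl_certificate     /etc/letsencrypt/live/devopsbyexample.io/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/devopsbyexample.io/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
}'

main() {
  # Constructed SAN list, i.e. what "Enter *.devopsbyexample.io" alone yields.
  # On the server use: set -- $(cert_sans /etc/letsencrypt/live/devopsbyexample.io/fullchain.pem)
  set -- '*.devopsbyexample.io'
  for h in api.devopsbyexample.io hello.devopsbyexample.io \
           devopsbyexample.io a.b.devopsbyexample.io; do
    if cert_covers "$h" "$@"; then
      echo "covered:     $h"
    else
      echo "NOT covered: $h"
    fi
  done
  tls_protocols_ok "$WEAK_TLS_BLOCK" \
    && echo "weak block ok" || echo "weak block still enables TLS 1.0/1.1"
  tls_protocols_ok "$HARDENED_TLS_BLOCK" \
    && echo "hardened block ok" || echo "hardened block fails"
}
main
```

On the server, feed the output of cert_sans on fullchain.pem into cert_covers for every hostname you intend to serve; a name that comes back as NOT covered will produce a certificate error in the browser even though the nginx server_name matches it. The same check is useful after adding the apex: only a certificate requested with both devopsbyexample.io and *.devopsbyexample.io covers the 301 target https://$host$request_uri for the bare domain.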