How to Secure Nginx Server with SSL Certificate Using Python and Certbot on Rocky Linux?

This step-by-step guide walks you through securing your Nginx server on Rocky Linux with an SSL certificate. We'll use Python and the Certbot ACME client to simplify the certificate issuance process.

Step 1: Install Certbot and Required Libraries

Begin by installing the EPEL repository package, then Certbot along with the necessary Python libraries (the Certbot Nginx plugin). Open a terminal on your Rocky Linux server and run the following commands:

sudo dnf install epel-release
sudo dnf install certbot python3-certbot-nginx

Step 2: Run Certbot to Obtain SSL Certificate

Run Certbot to interactively obtain and install the SSL certificate. The --nginx option automates the process of configuring Nginx for SSL. Replace example.com with your domain:

sudo certbot --nginx -d example.com

Certbot will prompt you for your email address and provide options for redirecting HTTP traffic to HTTPS.

Step 3: Automate Certificate Renewal

Certbot sets up an automatic renewal process via a cron job. Test the renewal process with the following command:

sudo certbot renew --dry-run

This command simulates the renewal process without actually renewing the certificate.

Step 4: Check Nginx Configuration

Certbot should automatically update your Nginx configuration. Verify the changes in your Nginx configuration file, typically located in /etc/nginx/sites-available/default or /etc/nginx/nginx.conf. Ensure there is a server block listening on port 443 with the SSL certificate paths.
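
The Step 4 check can be scripted instead of read by eye. The following Python script is an added example, not part of the original guide or of Certbot; the function names and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample of a Certbot-edited config (not from the original page).
SAMPLE_CONF = """
server {
    server_name example.com;
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
}
server {
    if ($host = example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 80;
    server_name example.com;
}
"""

def server_blocks(conf):
    """Yield the body of each server { ... } block, following nested braces."""
    conf = re.sub(r"#[^\n]*", "", conf)  # strip comments (assumes no '#' in quoted values)
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def directives(body, name):
    """Return the argument string of every `name ...;` directive in a block body."""
    return re.findall(r"(?:^|(?<=[;{}]))\s*%s\s+([^;]+);" % re.escape(name), body)

def check_tls(conf, domain):
    """Return a list of problems for domain; an empty list means the check passes."""
    for body in server_blocks(conf):
        names = " ".join(directives(body, "server_name")).split()
        tls = [l for l in directives(body, "listen") if re.search(r"(^|:)443\b", l)]
        if domain not in names or not tls:
            continue  # e.g. the port-80 redirect block
        problems = []
        if not all("ssl" in l.split() for l in tls):
            problems.append("listen 443 lacks the ssl parameter")
        for d in ("ssl_certificate", "ssl_certificate_key"):
            if not directives(body, d):
                problems.append("missing " + d)
        return problems
    return ["no server block for %s listens on port 443" % domain]
```

On a server, pass check_tls the text printed by `sudo nginx -T`, which dumps the full effective configuration including any included files.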

Step 5: Restart Nginx

If Certbot did not automatically restart Nginx, do so manually to apply the new configuration:

sudo systemctl restart nginx

Congratulations! Your Nginx server on Rocky Linux is now fortified with an SSL certificate, encrypting data transmitted between the server and your users. Regularly check for certificate renewals to ensure a secure and uninterrupted browsing experience for your visitors.
