How to use Let's Encrypt and Certbot to point a domain name to your server IP address

So you are at the point in your project where you have deployed your backend app to a server such as an EC2 instance, with nginx in front of it as a reverse proxy, or you have configured nginx to serve the static frontend files, so that visiting an IP like http://193.3.4.54 serves your frontend and http://193.3.4.54/api reaches your backend API. The next step is getting a domain name and setting up TLS (what most people still call "SSL") so you can go live over HTTPS.

Step One

The first step is purchasing a domain name from a registrar such as GoDaddy. Once you have bought a domain like mycoolapp.com, the registrar gives you a dashboard where you can configure its DNS records. Make sure those records point at your server's public IP.

To configure your DNS records, add an A record for the apex (mycoolapp.com) whose value is the server's IP address. For subdomains such as www.mycoolapp.com, add either another A record with the same IP or a CNAME record whose target is the apex name, mycoolapp.com. A CNAME can only point at another name, never directly at an IP address, and the apex itself must be an A record (or AAAA for IPv6), not a CNAME. Let's Encrypt's HTTP-01 challenge connects to whatever these names resolve to on port 80, so wait until a public resolver returns the new records before going on.
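Before moving on, it is worth confirming that the records really resolve the way you think and that port 80 is open, because a stale A record or a closed security group is the usual reason the Certbot step later fails. The script below is an added example, not part of the original post; it assumes dig is installed (package bind9-dnsutils on Ubuntu) and uses mycoolapp.com and 193.3.4.54 as placeholders for your own names and IP.

```shell
#!/bin/sh
# Added example (not part of the original post): a pre-flight check to run before
# `certbot --nginx`. It confirms that each name resolves to the server's IP at a
# public resolver and that port 80 is reachable, which the HTTP-01 challenge needs.
# Assumptions: `dig` is installed (bind9-dnsutils on Ubuntu); mycoolapp.com and
# 193.3.4.54 are placeholders for your own domain and server IP.
set -eu

# Keep only IPv4 addresses from `dig +short` output. For a CNAME, dig prints the
# alias target (a hostname) first and the A record(s) it resolves to after it.
filter_ipv4() {
    grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || true
}

# Return 0 if RECORDS (newline-separated) is non-empty and every line equals WANT.
# A name with one stale A record next to the right one is still a problem: Let's
# Encrypt may validate against the old host, and some users will land on it.
all_equal() {
    records="$1"; want="$2"
    [ -n "$records" ] || return 1
    if printf '%s\n' "$records" | grep -qvxF -- "$want"; then
        return 1
    fi
    return 0
}

# Resolve NAME at a public resolver (bypassing a stale local cache) and print its A records.
resolve_a() {
    dig +short "$1" A @1.1.1.1 | filter_ipv4
}

# Print a verdict for NAME against WANT_IP; exit status 0 only on an exact match.
check_domain() {
    name="$1"; want="$2"
    got="$(resolve_a "$name")"
    if all_equal "$got" "$want"; then
        printf 'OK   %s -> %s\n' "$name" "$want"
    else
        printf 'FAIL %s -> %s (expected %s)\n' "$name" \
            "$(printf '%s' "${got:-<no A record>}" | tr '\n' ' ')" "$want"
        return 1
    fi
}

# Let's Encrypt fetches http://NAME/.well-known/acme-challenge/<token> during issuance,
# so port 80 must be open from the internet (check the EC2 security group if this fails).
port80_open() {
    timeout 5 bash -c "exec 3<>/dev/tcp/$1/80" 2>/dev/null
}

# Usage: sh preflight.sh --live 193.3.4.54 mycoolapp.com www.mycoolapp.com
if [ "${1:-}" = "--live" ]; then
    shift
    server_ip="$1"; shift
    rc=0
    for name in "$@"; do
        check_domain "$name" "$server_ip" || rc=1
        if port80_open "$name"; then
            printf 'OK   %s port 80 reachable\n' "$name"
        else
            printf 'FAIL %s port 80 not reachable\n' "$name"; rc=1
        fi
    done
    exit "$rc"
fi
```

Run it from your laptop, not from the server, so that the port-80 check goes through the same path a Let's Encrypt validation server would. Querying 1.1.1.1 directly sidesteps the local resolver cache, which often still holds the registrar's parking-page IP for an hour or more after you change the record.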

Step Two

Assuming you are running a current Ubuntu release on your server, the next step is to install Certbot as a snap, which is the method Certbot's own instructions recommend (they also have you symlink /snap/bin/certbot to /usr/bin/certbot so the command is on your PATH).

sudo snap install --classic certbot

Step Three

Now we run Certbot so that it obtains a certificate for mycoolapp.com and configures nginx to use it. For this to work you need

  • Certbot installed.

  • An nginx config with a server block whose server_name lists every domain you will request (mycoolapp.com and www.mycoolapp.com); Certbot's nginx plugin matches on server_name to decide which block to edit.

  • The app (or static files) that nginx points to, reachable on port 80 from the internet, because Let's Encrypt validates the domain over HTTP before issuing.

Certbot obtains the certificate and edits your nginx config so that everything works together.

Run Certbot with the nginx plugin, naming every domain the certificate should cover

sudo certbot --nginx -d mycoolapp.com -d www.mycoolapp.com

If your nginx config looked like this before running Certbot

server {
    server_name mycoolapp.com;
    listen 80;  # nginx defaults to *:80 when listen is omitted, but be explicit
    location / {
        autoindex on;  # publishes directory listings; turn off unless you actually want that
        root /var/www/vhosts/frontend/dist;  # Path to frontend build
        try_files $uri /index.html;
    }
}

After running Certbot it's going to look like this

server {
    server_name mycoolapp.com;

    location / {
        autoindex on;  # publishes directory listings; turn off unless you actually want that
        root /var/www/vhosts/frontend/dist;  # Path to frontend build
        try_files $uri /index.html;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/mycoolapp.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/mycoolapp.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    if ($host = mycoolapp.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    server_name mycoolapp.com;
    listen 80;
    return 404; # managed by Certbot
}

Certbot modifies the nginx config to add the certificate and key paths and the shared TLS settings (the protocol and cipher choices live in /etc/letsencrypt/options-ssl-nginx.conf), then adds a second server block on port 80 that answers every HTTP request for mycoolapp.com with a 301 redirect to https:// on port 443; any other Host name arriving on port 80 gets a 404. The private key in /etc/letsencrypt/live/mycoolapp.com/privkey.pem sits under a root-only directory; leave it there and never copy it into your app's directory or a repository. If you also want browsers to remember to use HTTPS, add --hsts to the certbot command and it will put a Strict-Transport-Security header into the HTTPS block.

One of the neat features of Certbot is that it automates renewal. The snap installs a systemd timer (snap.certbot.renew.timer) that runs certbot renew twice a day, and since Let's Encrypt certificates are valid for 90 days and Certbot renews once fewer than 30 days remain, renewal happens well before expiry. To check that a renewal would succeed (the dry run talks to Let's Encrypt's staging environment and does not touch your real certificate) run the command

sudo certbot renew --dry-run
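The dry run proves that Certbot can renew, but not that nginx is actually serving what you expect. The script below is an added example, not part of the original post or of Certbot; it assumes curl and openssl are installed and uses mycoolapp.com as a placeholder. It checks from outside that HTTP redirects to HTTPS on the same path, that an HSTS header is present (only if you ran Certbot with --hsts), that the served certificate has at least 30 days left, and, when run on the server, that the snap's renewal timer exists.

```shell
#!/bin/sh
# Added example (not part of the original post): post-deployment checks to run
# after `certbot --nginx` has finished. Assumptions: curl and openssl installed;
# mycoolapp.com is a placeholder for your own domain.
set -eu

MIN_DAYS=30   # Let's Encrypt certs last 90 days; Certbot renews when under 30 remain

# First status code from a raw response-header blob (what `curl -sI` prints).
http_status() {
    printf '%s\n' "$1" | head -n 1 | tr -d '\r' | awk '{ print $2 }'
}

# Value of header NAME (case-insensitive) from a header blob, without the trailing CR.
header_value() {
    printf '%s\n' "$1" | tr -d '\r' | grep -i "^$2:" | head -n 1 | sed 's/^[^:]*:[[:space:]]*//'
}

# 0 if HEADERS is a permanent redirect to https://DOMAIN/PATH, i.e. the block Certbot
# added (`return 301 https://$host$request_uri`) keeps the path and the same host.
redirect_ok() {
    headers="$1"; domain="$2"; path="${3:-/}"
    case "$(http_status "$headers")" in
        301|308) ;;
        *) return 1 ;;
    esac
    [ "$(header_value "$headers" Location)" = "https://$domain$path" ]
}

# 0 if HEADERS carries Strict-Transport-Security with a max-age of at least one year.
hsts_ok() {
    value="$(header_value "$1" Strict-Transport-Security)"
    [ -n "$value" ] || return 1
    maxage="$(printf '%s' "$value" | sed -n 's/.*max-age=\([0-9][0-9]*\).*/\1/p')"
    [ -n "$maxage" ] || return 1
    [ "$maxage" -ge 31536000 ]
}

# 0 if the leaf certificate served for DOMAIN on :443 is still valid DAYS days from now.
# -servername sends SNI, so you get the certificate for that vhost, not nginx's default.
cert_valid_for_days() {
    openssl s_client -servername "$1" -connect "$1:443" </dev/null 2>/dev/null \
        | openssl x509 -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Usage: sh postcheck.sh --live mycoolapp.com   (run on the server for the timer check)
if [ "${1:-}" = "--live" ]; then
    domain="${2:?domain required}"
    rc=0
    # Use a sub-path so the check also proves $request_uri survives the redirect.
    h="$(curl -sI "http://$domain/api")"
    redirect_ok "$h" "$domain" /api && echo "OK   http -> https redirect" || { echo "FAIL redirect"; rc=1; }
    hs="$(curl -sI "https://$domain/")"
    hsts_ok "$hs" && echo "OK   HSTS" || echo "WARN no HSTS header (re-run certbot with --hsts)"
    cert_valid_for_days "$domain" "$MIN_DAYS" && echo "OK   cert valid > $MIN_DAYS days" || { echo "FAIL cert expires soon"; rc=1; }
    systemctl list-timers --all 2>/dev/null | grep -q snap.certbot.renew && echo "OK   renewal timer present" || echo "WARN renewal timer not found (are you on the server?)"
    exit "$rc"
fi
```

The redirect check deliberately compares the Location host against the domain you passed in, so a misconfigured default vhost that bounces visitors to another site shows up as a failure rather than an "it redirects, so it works". The openssl -checkend test is the same thing you would put in a monitoring job: if it ever fails, the renewal timer has stopped working and you have under a month to find out why.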

Conclusion

After following the steps you should be able to visit https://mycoolapp.com, provided the A record on your registrar's DNS dashboard (GoDaddy or whoever sold you the domain) points at the server, and https://www.mycoolapp.com if you added www as a CNAME to the root domain (or as a second A record) and included it with -d when running Certbot. Both should serve your frontend, and /api should reach your API service.

Bonus

If you host on a service like Vercel instead, all you have to do is change the nameservers on your registrar's dashboard to the ones Vercel provides; Vercel then manages the A and CNAME records and the certificates for you, so you don't even have to think about it.