Dev Site - Buying a domain name, setting up nginx, and configuring Let’s Encrypt with Certbot
Buying a domain
The process for both is pretty much the same: search for the domain you want and, if it is available, buy it for a year.
For this example, I will purchase https://dylanjonestest.dev.
Note: if you buy a .dev domain, you must use HTTPS or it will not work. We will cover that later.
Next, we need to configure DNS for our domain. This will tell everyone who enters your domain that it needs to go to your server.
To do this, log into the domain registrar you picked (Google Domains in my case), and find your DNS settings. Then you just need to add an A record, and set it to point to your server’s IP address. You do not need anything in the name field:
You do not want to add both, because we will only be setting up one SSL certificate.
You can ignore the error; it will be resolved later (once SSL is set up).
For now, all we need to do is install it, enable it (so it will be started when the server starts), and start it up:
# yay -S nginx
# sudo systemctl enable nginx
# sudo systemctl start nginx
If it worked, you can navigate to your IP address in a browser and you will get this page:
We need to do a little configuring before setting up SSL.
So edit /etc/nginx/nginx.conf and set the server_name, in the default server block, to your new domain name:
# sudo systemctl restart nginx
Now we can finish setting it up with SSL using Let’s Encrypt and Certbot.
Let’s Encrypt (with Certbot)
Let’s Encrypt is an awesome Certificate Authority that will let you easily generate SSL certificates automatically and for free.
To easily configure this, we will use Certbot.
Since we are using nginx, we need to install certbot-nginx:
# yay -S certbot-nginx
Then run certbot with the nginx plugin:
# sudo certbot --nginx
Follow the prompts, making sure to choose the option to redirect HTTP traffic to HTTPS.
If that works, you should be able to navigate to your domain (https://dylanjonestest.dev/) and get the same nginx screen as above! But now, you are using the domain name you bought and it is secured using SSL.
Let’s Encrypt certificates only last 90 days. So you can either manually renew them every 90 days or so, or set up a systemd service to do it automatically.
To do this, create /etc/systemd/system/certbot-renewal.service with the following contents (using sudo):
[Unit]
Description=Certbot Renewal
[Service]
ExecStart=/usr/bin/certbot renew --quiet --agree-tos --post-hook "systemctl restart nginx"
This will renew the certificate, agree to the Terms of Service if necessary, and restart nginx afterwards.
We also need to create a timer, so create /etc/systemd/system/certbot-renewal.timer with the following contents (using sudo):
[Unit]
Description=Timer for Certbot Renewal
[Timer]
OnBootSec=300
OnUnitActiveSec=12h
[Install]
WantedBy=multi-user.target
This will run the renewal 5 minutes after the system boots up, and then run it every 12 hours thereafter.
Once the certificate is within 30 days of expiring, it should be renewed. That will ensure that you do not have any downtime waiting for the certificate to be renewed.
Then you just need to enable and start the certbot timer:
# sudo systemctl enable certbot-renewal.timer
# sudo systemctl start certbot-renewal.timer
To ensure that it is working, run:
# sudo systemctl status certbot-renewal.service
It should say succeeded:
And that’s it!
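To confirm from the outside that the timer is really renewing, the check below (an added example, not part of the original article) classifies a certificate's remaining lifetime against the schedule above: renewal once 30 days are left, timer every 12 hours. It assumes GNU date and openssl are installed; the function names and the sample expiry date are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a certificate's remaining lifetime against the
# renewal schedule in this article (renew at 30 days left, timer every 12h).
# Needs GNU date (-d) and openssl; function names are this example's own.

RENEW_WINDOW=$((30 * 86400))   # renewal happens once fewer than 30 days remain
TIMER_INTERVAL=$((12 * 3600))  # OnUnitActiveSec=12h from certbot-renewal.timer

# secs_left "<notAfter=... line from openssl>" [now_epoch] -> seconds to expiry
secs_left() {
    end=${1#notAfter=}                        # strip openssl's "notAfter=" prefix
    exp=$(date -u -d "$end" +%s) || return 1  # unparsable date -> failure
    now=${2:-$(date -u +%s)}
    echo $((exp - now))
}

# renewal_status <seconds_left> -> ok | due | overdue | expired
renewal_status() {
    if [ "$1" -le 0 ]; then
        echo expired
    elif [ "$1" -lt $((RENEW_WINDOW - TIMER_INTERVAL)) ]; then
        echo overdue    # a full timer interval has passed without a renewal
    elif [ "$1" -lt "$RENEW_WINDOW" ]; then
        echo due        # inside the window; the next timer run should renew
    else
        echo ok
    fi
}

# check_host <domain>: read the expiry of the certificate the server presents
check_host() {
    line=$(openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
           openssl x509 -noout -enddate) || return 1
    left=$(secs_left "$line") || return 1
    echo "$1: $((left / 86400)) days left, $(renewal_status "$left")"
}

# Constructed sample input (not a real certificate's expiry date)
SAMPLE='notAfter=Mar 31 00:00:00 2025 GMT'
sample_exp=$(date -u -d "${SAMPLE#notAfter=}" +%s)
for h in 2136 714 480 0; do    # hours before expiry: 89d, 29.75d, 20d, 0
    s=$(secs_left "$SAMPLE" $((sample_exp - h * 3600)))
    echo "$((s / 86400)) days left: $(renewal_status "$s")"
done
```

Run check_host dylanjonestest.dev from a monitoring job; an overdue result means the renewal is not happening, and sudo systemctl status certbot-renewal.service is the first place to look.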
In the next article, we are going to go over creating the actual website using VuePress and Tailwind CSS. We will need to get some code available before we can set up automated deployments!