Install an SSL certificate through Let's Encrypt on nginx

The days of expensive SSL certificates are over. Let's Encrypt is rapidly changing the way certificates are handled. The basic functionality is that you install the letsencrypt client on your server and from there it does its magic to authenticate your server. They also offer a lot of automation tools, which might scare you at first. But it’s really easy to get certificates and install them, e.g. with nginx. Here’s how, assuming you have nginx installed on an Ubuntu server.

1) Go to your registrar and point your site, e.g. example.com, to your server's IP, e.g. 107.170.33.76.

2) Log in to your server (ssh root@107.170.33.76 on DigitalOcean, for example), then:

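git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
# --standalone starts its own temporary web server, so stop nginx first if it is already listening on port 80/443
./letsencrypt-auto certonly --standalone --email youremail@gmail.com -d example.com -d www.example.com
# the directory under live/ is named after the first -d domain
mkdir -p /etc/nginx/ssl
cd /etc/nginx/ssl/
ln -s /etc/letsencrypt/live/example.com/privkey.pem nginx.key
ln -s /etc/letsencrypt/live/example.com/fullchain.pem nginx.crt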

3) Use the following inside your http block of the nginx.conf file:

  upstream project {
    ip_hash;
    server localhost:8080;
  }

  server {
    listen  80;
    server_name example.com www.example.com;
    return  301 https://$host$request_uri;
  }

  server {
    listen 443 ssl;
    server_name example.com www.example.com;
    ssl_certificate /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996); add TLSv1.3 if your nginx and OpenSSL support it
    ssl_protocols TLSv1.2;

    location / {
      proxy_pass http://project;
      proxy_read_timeout 1000;
    }
  }

4) service nginx reload and enjoy.

 

How to set up www vs non-www, http vs https for SEO

When learning about SEO, you have probably read that you should only use www or non-www and only http or https. This raises the question: what does “only” even mean? Does it mean that in all your blogs and PR events you must link consistently to https://www.example.com, or is a forward from http://example.com to https://www.example.com good enough? My research suggests that a forward is enough and you do not need to worry, as long as you register all the versions of your site in the Google Search Console.

Nowadays if you have a somewhat potent webapp, you probably need users to log in and therefore you need SSL (https). Whether you use www or non-www doesn’t matter as long as you are consistent. Quora.com redirects to www and stackoverflow redirects to non-www, so you have examples of two sites that are good at SEO with different settings.

Now let’s say we want to set up our www https page. What we can’t do is a 301 permanent redirect on the registrar, since registrars can’t redirect https requests for the non-www domain. So we will have to write the redirects on our own servers. So in the end we will have:

A record: @ pointing to <my_IP>
CNAME alias: www pointing to @

while the redirects from non-www to www and from http to https happen on the server. Here is an example of how to redirect from http to https using nginx.
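
The following configuration is an added example, not part of the original post. It sends all four variants of the site to https://www.example.com in a single hop. It assumes the certificate and symlinks from the Let's Encrypt walkthrough above (issued for both example.com and www.example.com) and the "project" upstream defined there; the forwarded headers are an addition that the backend may or may not need.

```nginx
# Added example. Canonical origin: https://www.example.com
# Goes inside the http block, next to the "project" upstream.

# 1) Plain HTTP, both hostnames: redirect straight to the canonical origin.
#    The target is hardcoded instead of using $host, so it never depends on
#    the Host header the client sent.
server {
    listen 80;
    server_name example.com www.example.com;
    return 301 https://www.example.com$request_uri;
}

# 2) HTTPS on the bare domain. The TLS handshake completes before nginx can
#    send the redirect, so this block needs a certificate that is valid for
#    example.com, otherwise visitors get a certificate warning instead.
server {
    listen 443 ssl;
    server_name example.com;
    ssl_certificate     /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;
    ssl_protocols TLSv1.2;
    return 301 https://www.example.com$request_uri;
}

# 3) Canonical site: the only block that serves content.
server {
    listen 443 ssl;
    server_name www.example.com;
    ssl_certificate     /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;
    ssl_protocols TLSv1.2;

    location / {
        proxy_pass http://project;
        proxy_read_timeout 1000;
        # Pass the original host, scheme and client address to the backend
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```

Check the syntax with nginx -t before running service nginx reload.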