nuxt + let's encrypt + certbot

Introduction

In my last blog [https://warrenlee.tech/blog/bring-your-nuxt-app-alive-with-nginx] I explained how to serve your nuxt app using Nginx. In this blog I will walk you through how to enable HTTPS on your web server by using Certbot to obtain free SSL certs from Let's Encrypt. These certs will typically expire in 90 days, but Certbot can help automate the renewal process.

Prerequisites

* A fully registered domain name
* Install Certbot onto the server
* Make sure your web server is runnable on port 80.

Install Certbot

We will need to add the repository.

    $ sudo add-apt-repository ppa:certbot/certbot

Update the apt package manager.

    $ sudo apt-get update

Install certbot.

    $ sudo apt-get install python-certbot-nginx

Run Certbot

This assumes that your current web server is running under a fully registered domain and is unsecured (if it's already secure then why bother with any of this?!). Run the following to get the certs and configure automation.

    $ sudo certbot --nginx -d example.com -d www.example.com

If you have more than one domain to work with, you can keep adding domains with the -d option. The --nginx option lets certbot know that we're dealing with an nginx webserver. Other options are available to handle other webservers like apache.

When you first run this command you will be prompted to enter your email. Please do so, as you will get email notifications when the certs are about to expire (if the automation didn't work then at least you know).

Once successful, certbot will attempt to make some changes to your nginx config by adding the necessary cert paths and adding port 443, which is typically used for SSL.

    Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
    -------------------------------------------------------------------------------
    1: No redirect - Make no further changes to the webserver configuration.
    2: Redirect - Make all requests redirect to secure HTTPS access.
    Choose this for new sites, or if you're confident your site works on HTTPS. You can undo this
    change by editing your web server's configuration.
    -------------------------------------------------------------------------------
    Select the appropriate number [1-2] then [enter] (press 'c' to cancel):

I recommend choosing 2 to redirect http requests to https. Certbot will now do its thing and the following will show.

    IMPORTANT NOTES:
     - Congratulations! Your certificate and chain have been saved at
       /etc/letsencrypt/live/example.com/fullchain.pem. Your cert will
       expire on 2017-10-23. To obtain a new or tweaked version of this
       certificate in the future, simply run certbot again with the
       "certonly" option. To non-interactively renew *all* of your
       certificates, run "certbot renew"
     - Your account credentials have been saved in your Certbot
       configuration directory at /etc/letsencrypt. You should make a
       secure backup of this folder now. This configuration directory will
       also contain certificates and private keys obtained by Certbot so
       making regular backups of this folder is ideal.
     - If you like Certbot, please consider supporting our work by:

       Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
       Donating to EFF:                    https://eff.org/donate-le

This will let you know where the certs are stored and when the certs are due to expire. Reload your website and it should now be running under HTTPS!

The automation

As mentioned, the certs are valid for only 90 days and will need to be renewed prior to that date. When we ran the certbot command it would have added the renew script to the /etc/cron.d folder. This is typically our cronjob folder and will run the script twice a day, but the certs will only renew 30 days prior to the expiry date.

You can test the renewal with a dry run command.

    $ sudo certbot renew --dry-run

If you see all your domains in there then that's it; it'll work as expected on the day.

Conclusion

Congrats!
We now have a nuxt app running on your server, deployed using pm2, served to the web by an nginx webserver, and using certbot to obtain free SSL certs from Let's Encrypt so that your website runs under HTTPS. Hope this helps you! Any feedback or troubles, feel free to leave a message in the comments below.
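
Following on from the automation section, here is an added example (not part of the original post) that checks renewal is actually happening: since certbot renews 30 days before expiry, a live certificate with less than 30 days left means the cron job has been failing. The script name check-cert.sh and the status strings are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report whether certbot's automatic renewal is keeping up.
# Assumption: certbot renews 30 days before expiry (as described above), so a
# certificate with less than that left means renewal has been failing.

RENEW_WINDOW_DAYS=30

# cert_status FILE [WINDOW_DAYS]
# Prints one of: ok | renewal-overdue | expired | unreadable
# Returns 0 only for "ok", so it can gate a cron alert.
cert_status() {
    cert=$1
    window_days=${2:-$RENEW_WINDOW_DAYS}

    # Reject missing files and anything that is not a parseable certificate,
    # otherwise -checkend's failure would be mistaken for "expiring".
    if ! openssl x509 -noout -in "$cert" >/dev/null 2>&1; then
        echo unreadable; return 1
    fi
    # -checkend N exits non-zero if the cert expires within N seconds.
    if ! openssl x509 -noout -checkend 0 -in "$cert" >/dev/null 2>&1; then
        echo expired; return 1
    fi
    if ! openssl x509 -noout -checkend $((window_days * 86400)) \
            -in "$cert" >/dev/null 2>&1; then
        echo renewal-overdue; return 1
    fi
    echo ok
}

# Hypothetical usage (root is needed to read /etc/letsencrypt/live):
#   sudo sh check-cert.sh /etc/letsencrypt/live/example.com/fullchain.pem
if [ "$#" -gt 0 ]; then
    status=$(cert_status "$1") || { echo "$1: $status" >&2; exit 1; }
    echo "$1: $status"
fi
```

Because the script exits non-zero for anything other than "ok", it can be run from its own daily cron entry so that a stalled renewal is noticed independently of the Let's Encrypt expiry emails.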