Setting up an NGINX instance with Certbot and configuring it for Wildcard Subdomains on Ubuntu
Hello there, tech enthusiasts!
In this blog post, we are going to configure an NGINX server, enable HTTPS using Certbot, and set it up to handle wildcard subdomains. Let’s dive into this exciting journey.
Prerequisites: Make sure you have Ubuntu installed and are logged in as a user with sudo permissions. You also need a registered domain name, and you must be able to edit its DNS records, because the wildcard certificate in Step 4 is validated through a DNS TXT record.
Step 1: Install NGINX
First, you need to update your package lists for upgrades and new package installations:
sudo apt-get update
Next, install NGINX:
sudo apt-get install nginx
After the installation, you should be able to check the NGINX service status with:
sudo systemctl status nginx
Step 2: Configure NGINX for a Wildcard Subdomain
Let’s set up NGINX to handle a wildcard subdomain. This means any subdomain, like sub1.yourdomain.com, sub2.yourdomain.com, will be processed by this server block.
Open a new NGINX configuration file:
sudo nano /etc/nginx/sites-available/yourdomain.com
Paste in the following server block:
server {
    listen 80;
    # Matches the apex and any name below it. Note that NGINX's *.yourdomain.com
    # also matches deeper names such as a.b.yourdomain.com.
    server_name yourdomain.com *.yourdomain.com;

    location / {
        root /var/www/html;
        index index.html;
    }
}
Replace "yourdomain.com" with your actual domain. This configuration makes the server listen for incoming connections on port 80 for your main domain and any subdomain. Two details of NGINX's server_name matching are worth knowing: "*.yourdomain.com" matches names at any depth (a.b.yourdomain.com as well as a.yourdomain.com), and the shorthand ".yourdomain.com" matches both the bare domain and everything below it, so it can replace the two names above.
To enable the configuration, link the file into the sites-enabled directory:
sudo ln -s /etc/nginx/sites-available/yourdomain.com /etc/nginx/sites-enabled/
Then test the configuration:
sudo nginx -t
If the test is successful, reload NGINX to apply the change:
sudo systemctl reload nginx
Step 3: Install Certbot
Certbot is a tool that obtains TLS (SSL) certificates from Let's Encrypt and automates their renewal, so you can enable HTTPS on your server. The ppa:certbot/certbot PPA that older guides add has been discontinued; on current Ubuntu releases the packages are in the standard repositories (the Certbot project itself recommends its snap package, but the apt packages are fine for this guide). Install them with:
sudo apt-get update
sudo apt-get install certbot python3-certbot-nginx
Step 4: Generate Wildcard Certificates with Certbot
Now we will generate a wildcard certificate. Let's Encrypt issues wildcard certificates only through the DNS-01 challenge, so we must prove control of the domain by adding a TXT record to its DNS configuration (the HTTP-01 challenge that the nginx plugin normally uses cannot validate a wildcard). A wildcard certificate for *.yourdomain.com does not cover the bare domain yourdomain.com, so request both names together; quote the wildcard so the shell does not try to expand it:
sudo certbot certonly --manual --preferred-challenges=dns --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d yourdomain.com -d '*.yourdomain.com'
Replace "yourdomain.com" with your actual domain. Certbot will print a value to publish as a TXT record named _acme-challenge.yourdomain.com. Because two names were requested it will do this twice, and both TXT records must exist on that same name at the same time; do not remove the first one when adding the second. Before you press Enter, confirm the record is visible from public DNS, for example with:
dig +short TXT _acme-challenge.yourdomain.com
Once the record resolves, press Enter. Certbot asks Let's Encrypt to validate the challenge and writes the certificate and private key under /etc/letsencrypt/live/yourdomain.com/. Because --manual relies on you editing DNS by hand, a certificate obtained this way will not renew unattended; Step 6 covers what to do about that.
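To make the DNS step less of a black box, here is an added example of mine, not code from the post or from Certbot, that reproduces how the TXT value Certbot prints is derived under ACME (RFC 8555) from the challenge token and the ACME account key. The JWK account key and the two tokens below are constructed sample data, not a real Let's Encrypt account; the procedure is the one RFC 8555 (key authorization, DNS-01) and RFC 7638 (JWK thumbprint) specify.

```python
"""Derive the DNS-01 TXT value from an ACME challenge token and account key.

Added example, not part of the original post or of Certbot. The JWK and the
tokens are constructed sample data; the procedure follows RFC 8555 section 8.1
(key authorization) and section 8.4 (DNS-01) and RFC 7638 (JWK thumbprint).
"""
from __future__ import annotations

import base64
import hashlib
import json


def b64url(data: bytes) -> str:
    """Base64url without '=' padding, as ACME requires everywhere."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 over the *required* members only, serialised
    with keys in lexicographic order and no whitespace. Optional members such as
    'kid' or 'alg', and the order of the input dict, must not change the result."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}
    members = {k: jwk[k] for k in required[jwk["kty"]]}
    canonical = json.dumps(members, separators=(",", ":"), sort_keys=True)
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token: str, jwk: dict) -> str:
    """token '.' thumbprint(account key): ties the challenge response to the
    account that requested it (HTTP-01 serves exactly this string)."""
    return f"{token}.{jwk_thumbprint(jwk)}"


def dns01_txt_value(token: str, jwk: dict) -> str:
    """DNS-01 publishes base64url(SHA-256(key authorization)), not the key
    authorization itself, so the value left in public DNS is not reusable."""
    digest = hashlib.sha256(key_authorization(token, jwk).encode("ascii")).digest()
    return b64url(digest)


def txt_record_name(identifier: str) -> str:
    """DNS-01 is answered at _acme-challenge.<identifier> with a leading '*.'
    stripped, which is why the apex and the wildcard share one record name and
    both TXT values must be present at once when both names are requested."""
    if identifier.startswith("*."):
        identifier = identifier[2:]
    return f"_acme-challenge.{identifier}"


# Constructed sample data (placeholder key material, not a usable RSA key).
SAMPLE_JWK = {"kty": "RSA", "kid": "acct-1", "n": "sample-modulus", "e": "AQAB"}
SAMPLE_TOKEN = "evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA"
# Each identifier in an order gets its own token, hence two TXT values.
SAMPLE_TOKENS = {
    "yourdomain.com": SAMPLE_TOKEN,
    "*.yourdomain.com": "DGdnia8M6R3cdsbS6V8mHl2dVhDChDiPVn1YwUBXT6Q",
}

if __name__ == "__main__":
    for ident, token in SAMPLE_TOKENS.items():
        value = dns01_txt_value(token, SAMPLE_JWK)
        print(f'{txt_record_name(ident)} TXT "{value}"   ; for {ident}')
```

Running it prints two records with the same owner name and different values, which is exactly the situation Certbot describes when it tells you not to remove the previous record before adding the next one.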
Step 5: Configure NGINX with SSL
Let’s go back to the NGINX configuration file:
sudo nano /etc/nginx/sites-available/yourdomain.com
Update it as follows:
server {
    listen 80;
    server_name yourdomain.com *.yourdomain.com;

    location / {
        root /var/www/html;
        index index.html;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
Again, replace "yourdomain.com" with your actual domain. This configuration points NGINX at the certificate chain and private key that Certbot generated; the "managed by Certbot" comments must stay at the end of their lines, since a "#" at the start of a line would comment the directive out. As written, the block also keeps serving the same content in plaintext on port 80; if you want HTTP clients sent to HTTPS instead, move the port 80 listener into its own server block that returns a 301 redirect to https://$host$request_uri. If nginx -t reports that options-ssl-nginx.conf or ssl-dhparams.pem does not exist (they are created by Certbot's nginx plugin, not by certonly --manual), remove those two lines and set ssl_protocols and ssl_ciphers explicitly instead.
Then test the configuration:
sudo nginx -t
If the test is successful, reload NGINX to apply the change:
sudo systemctl reload nginx
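Whether the certificate actually covers every name this server block answers for is easy to get wrong, because NGINX's wildcard rules and the certificate's wildcard rules differ. The following is an added example of mine, not code from the post or from NGINX or Certbot, that compares the two; the server_name entries, SAN lists and hostnames in it are constructed sample data (a real SAN list would be read from fullchain.pem, e.g. with openssl x509 -noout -ext subjectAltName).

```python
"""List hostnames an NGINX server block answers for that the certificate does
not cover.

Added example, not part of the original post. The server_name entries, SAN
lists and hostnames below are constructed sample data.
"""
from __future__ import annotations


def _labels(name: str) -> list[str]:
    return name.lower().rstrip(".").split(".")


def san_matches(san: str, hostname: str) -> bool:
    """Certificate wildcard rules (RFC 6125 section 6.4.3, CA/Browser Forum):
    '*' must be the entire left-most label and matches exactly one label, so
    *.yourdomain.com covers a.yourdomain.com but neither yourdomain.com nor
    a.b.yourdomain.com."""
    s, h = _labels(san), _labels(hostname)
    if len(s) != len(h):
        return False
    if s[0] == "*":
        # Simplification: refuse wildcards directly under a TLD (*.com); a real
        # client would consult the public suffix list here.
        return len(s) >= 3 and s[1:] == h[1:]
    return s == h


def nginx_accepts(server_name: str, hostname: str) -> bool:
    """NGINX server_name rules: '*.yourdomain.com' matches any depth below the
    domain (a.b.yourdomain.com included) but not the apex; the '.yourdomain.com'
    shorthand matches the apex as well; anything else is an exact match."""
    sn, h = server_name.lower().rstrip("."), hostname.lower().rstrip(".")
    if sn.startswith("*."):
        return h.endswith(sn[1:])  # sn[1:] is ".yourdomain.com"
    if sn.startswith("."):
        return h == sn[1:] or h.endswith(sn)
    return h == sn


def unprotected(server_names: list[str], sans: list[str], hostnames: list[str]) -> list[str]:
    """Hostnames this server block would serve but no SAN covers: a browser
    reaches NGINX via SNI/Host for them and then rejects the certificate."""
    return [
        h
        for h in hostnames
        if any(nginx_accepts(sn, h) for sn in server_names)
        and not any(san_matches(s, h) for s in sans)
    ]


# Constructed sample data.
SERVER_NAMES = ["yourdomain.com", "*.yourdomain.com"]
HOSTS = ["yourdomain.com", "sub1.yourdomain.com", "deep.sub1.yourdomain.com", "other.example"]
WILDCARD_ONLY = ["*.yourdomain.com"]  # what -d '*.yourdomain.com' alone yields
APEX_AND_WILDCARD = ["yourdomain.com", "*.yourdomain.com"]  # -d yourdomain.com -d '*.yourdomain.com'

if __name__ == "__main__":
    print("wildcard only   :", unprotected(SERVER_NAMES, WILDCARD_ONLY, HOSTS))
    print("apex + wildcard :", unprotected(SERVER_NAMES, APEX_AND_WILDCARD, HOSTS))
```

With the wildcard-only certificate the bare domain is served but not covered; adding the apex to the order fixes that. The deeper name stays unprotected in both cases, because NGINX's "*.yourdomain.com" accepts it while no public CA wildcard does: either obtain a separate *.sub1.yourdomain.com name or stop matching such hosts.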
Step 6: Set up Certbot Auto Renewal
Let's Encrypt's certificates are only valid for ninety days, which is deliberate: it pushes you to automate renewal. Certbot's renew subcommand handles that, with two caveats for the certificate we just obtained. First, a certificate issued with --manual can only be renewed unattended if Certbot can create the TXT record itself: either pass --manual-auth-hook (and --manual-cleanup-hook) scripts that update your DNS, or reissue the certificate with the DNS plugin for your provider (the python3-certbot-dns-* packages) instead of --manual. Without one of those, certbot renew will fail for this certificate and you must repeat Step 4 by hand before it expires. Second, certonly does not touch NGINX, so NGINX keeps using the old certificate until it is reloaded; a deploy hook takes care of that.
On Ubuntu the certbot package already installs a systemd timer that runs renew twice a day (check with "systemctl list-timers certbot.timer"), so a cron job is usually unnecessary. If you prefer cron, open the root crontab:
sudo crontab -e
Add the following line to the crontab file:
0 12 * * * /usr/bin/certbot renew --quiet --deploy-hook "systemctl reload nginx"
This creates a cron job that runs certbot renew every day at noon. The --quiet option tells Certbot not to produce any output unless it encounters an error, and the deploy hook reloads NGINX only when a certificate was actually renewed. Choose a random minute within the hour rather than exactly 12:00 so that renewals are spread out. Whichever scheduler you use, test the whole chain without issuing anything:
sudo certbot renew --dry-run
And that’s it! You’ve now set up an NGINX server that uses a wildcard subdomain configuration and SSL encryption with Certbot. Thanks for reading, and stay tuned for more tech guides!
Disclaimer: This is just a basic example to get you going, you’ll need to configure NGINX for your specific use case — for example to route to your app upstream.