Add a new website to a server running nginx, LetsEncrypt HTTPS and Certbot
Last updated in January 2024.
This is a follow-up note to https://yctct.com/setup-webserver; it covers adding a second website to the same web server.
Update DNS
In the DNS, point the domain name (or a subdomain) to the IP address of the VPS.
A @ IP_address
Configure web server
Read:
- https://fedfree.org/docs/http/debian-nginx.html#introduction-3
- https://fedfree.org/docs/http/debian-nginx.html#do-not-configure-the-hostname-first
Follow FedFree’s instructions:
Generate a LetsEncrypt certificate
Read:
Generate a LetsEncrypt certificate for the new website:
# certbot certonly --webroot -w /var/www/example.com --must-staple --rsa-key-size 4096 --agree-tos -w /var/www/letsencrypt -d example.com --register-unsafely-without-email
# certbot certonly --webroot -w /var/www/example.com --must-staple --rsa-key-size 4096 --agree-tos -w /var/www/letsencrypt -d www.example.com --register-unsafely-without-email
# ls /etc/letsencrypt/live/ # show that the example.com and www.example.com directories were created
About --webroot: https://eff-certbot.readthedocs.io/en/stable/using.html#webroot
Place index.html in root
# touch /var/www/example.com/index.html
Add CAA to DNS
example.org. CAA 128 issue "letsencrypt.org"
CAA creates a DNS mechanism that enables domain name owners to whitelist CAs that are allowed to issue certificates for their hostnames.
Long story: https://blog.qualys.com/product-tech/2017/03/13/caa-mandated-by-cabrowser-forum
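A pre-flight check for the CAA record above, as an added example (not from the original note or from FedFree): the shell function reads records in `dig +short CAA` output form and reports whether a CA may issue a non-wildcard certificate. It is a simplified reading of the CAA rules that evaluates one record set and does not climb to parent domains; the name `caa_permits` and the sample data are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original note. caa_permits is a hypothetical helper.
# Reads CAA records on stdin in `dig +short CAA <name>` form, one per line:
#   <flags> <tag> "<value>"
# Exit status 0: the CA named in $1 may issue a non-wildcard certificate.
# Exit status 1: the record set forbids it.
caa_permits() {
    awk -v ca="$1" '
    NF < 3 { next }                     # skip blank or malformed lines
    {
        tag = tolower($2)               # property tags are case-insensitive
        value = $0
        sub(/^[ \t]*[^ \t]+[ \t]+[^ \t]+[ \t]+/, "", value)  # drop flags and tag
        gsub(/"/, "", value)
        sub(/;.*$/, "", value)          # drop parameters after the CA domain
        gsub(/[ \t]/, "", value)
        if (tag == "issue") {
            seen = 1
            if (tolower(value) == tolower(ca)) ok = 1
        } else if (tag != "issuewild" && tag != "iodef" && ($1 + 0) >= 128) {
            blocked = 1                 # unrecognised property with the critical bit
        }
    }
    END {
        if (blocked) exit 1
        if (!seen) exit 0               # no issue property: issuance not restricted
        exit (ok ? 0 : 1)
    }'
}

# Constructed sample: the record from this note as dig would print it.
# On a live system: dig +short CAA example.org | caa_permits letsencrypt.org
sample='128 issue "letsencrypt.org"'
if printf '%s\n' "$sample" | caa_permits letsencrypt.org; then
    echo "CAA permits letsencrypt.org"
else
    echo "CAA forbids letsencrypt.org; issuance would be refused" >&2
fi
```

Running it before certbot catches a CAA record that names a different CA, which would otherwise surface only as a failed issuance.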
Tests
Run curl tests and the SSL test (you should get A+), see: https://fedfree.org/docs/http/debian-nginx.html#tests
Then test the nginx configuration:
# nginx -t
And reload nginx:
# systemctl reload nginx
Back up the LetsEncrypt certificate
Back up the LetsEncrypt directory: https://yctct.com/backup-letsencrypt-folder-from-remote-to-local
Renew LetsEncrypt certificate automatically
See: https://yctct.com/renew-certificates