How to Install an SSL Certificate on DigitalOcean

Securing a website with an SSL certificate protects user data and helps visitors trust your site. The certificate enables encrypted connections between your server and visitors, keeping sensitive information confidential in transit. This guide walks through installing a free Let’s Encrypt SSL certificate on your DigitalOcean Droplet.

Prerequisites for Installing an SSL Certificate on a Droplet


Before we begin, make sure you have the following:

  • A DigitalOcean Droplet running a Linux distribution like Ubuntu.
  • A registered domain name pointing to your Droplet’s IP address.
  • SSH access to your Droplet as a non-root user with sudo privileges.
  • A web server installed on your Droplet (either Nginx or Apache).

Step 1: Update Your Server

First, connect to your Droplet via SSH, then update the package lists and upgrade installed packages so you have the latest security patches and software updates:

    sudo apt update && sudo apt upgrade -y

Step 2: Install Certbot

Certbot is a tool that greatly simplifies the process of obtaining and automatically renewing SSL certificates from Let’s Encrypt.

  • For Nginx users:

        sudo apt install certbot python3-certbot-nginx -y

  • For Apache users:

        sudo apt install certbot python3-certbot-apache -y

Step 3: Allow HTTPS Through the Firewall

If you have enabled UFW (Uncomplicated Firewall), you’ll need to allow HTTPS traffic.

  • For Nginx:

        sudo ufw allow 'Nginx Full'

  • For Apache:

        sudo ufw allow 'Apache Full'

This command opens up ports 80 (HTTP) and 443 (HTTPS) on your server.

Step 4: Obtain and Install the SSL Certificate

Now, we’ll use Certbot to get the SSL certificate and configure your web server.

  • For Nginx:

        sudo certbot --nginx -d yourtestdomain.com -d www.yourtestdomain.com

  • For Apache:

        sudo certbot --apache -d yourtestdomain.com -d www.yourtestdomain.com

Replace yourtestdomain.com with your actual domain name.

During this process, Certbot will prompt for an email address and ask you to agree to the terms of service. It will also give you the option to redirect all HTTP traffic to HTTPS, which we recommend.

Step 5: Verify the SSL Installation

After Certbot completes the installation, you can check if your site is accessible via HTTPS by visiting:

    https://yourtestdomain.com

Your browser should show a padlock icon indicating the connection is secure.

Step 6: Set Up Automatic Renewal

Let’s Encrypt certificates stay valid for 90 days, but Certbot can automatically renew them for you. The renewal process is handled by a cron job that’s installed by default. To test the renewal process, run:

    sudo certbot renew --dry-run

The automatic renewal is set up correctly if you don’t see any errors.

Troubleshooting

  • DNS Issues: Ensure your domain’s DNS records correctly point to your Droplet’s IP address.
  • Firewall Blocks: Double-check that your firewall allows HTTP and HTTPS traffic.
  • Web Server Configuration: Make sure your server blocks or virtual hosts are properly set up for your domain.

Next Steps

  • Enable HSTS: Consider setting up HTTP Strict Transport Security to force browsers to use HTTPS.
  • Monitor Your Certificate: Keep an eye on your SSL certificate’s expiration dates, even with automatic renewal.
  • Secure Other Services: If you have other services running, ensure they’re also secured with SSL where applicable.
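
The Step 5 check and the first two Next Steps items (HSTS and certificate monitoring) can be scripted. The following is an added example, not part of the original guide: it reads the served certificate's notAfter date and the Strict-Transport-Security header over a verified TLS connection and lists any problems. The function names and the 30-day warning threshold are assumptions made for this example.

```python
import http.client
import ssl
import sys
import time

WARN_DAYS = 30  # assumed threshold: Certbot's default is to renew once under 30 days remain

def days_remaining(not_after, now):
    """Whole days from `now` (epoch seconds) to a certificate's notAfter string."""
    return int((ssl.cert_time_to_seconds(not_after) - now) // 86400)

def hsts_max_age(header):
    """max-age in seconds from a Strict-Transport-Security value, or None."""
    for directive in (header or "").split(";"):
        name, _, value = directive.strip().partition("=")
        if name.strip().lower() == "max-age":
            value = value.strip().strip('"')
            return int(value) if value.isdigit() else None
    return None

def assess(not_after, hsts_header, now):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    days = days_remaining(not_after, now)
    if days < 0:
        findings.append("certificate has expired")
    elif days < WARN_DAYS:
        findings.append(f"certificate expires in {days} days; renewal may be failing")
    if not hsts_max_age(hsts_header):
        findings.append("HSTS header missing or max-age is 0")
    return findings

def fetch(host, port=443):
    """Read notAfter and the HSTS header; the default context verifies chain and hostname."""
    ctx = ssl.create_default_context()
    conn = http.client.HTTPSConnection(host, port, timeout=10, context=ctx)
    try:
        conn.request("HEAD", "/")
        not_after = conn.sock.getpeercert()["notAfter"]
        return not_after, conn.getresponse().getheader("Strict-Transport-Security")
    finally:
        conn.close()

if __name__ == "__main__":
    # No argument: use a constructed sample (expires in about 20 days, no HSTS header).
    soon = time.strftime("%b %d %H:%M:%S %Y GMT", time.gmtime(time.time() + 20 * 86400))
    data = fetch(sys.argv[1]) if len(sys.argv) > 1 else (soon, None)
    print("\n".join(assess(*data, now=time.time())) or "OK")
```

Pass your domain as the only argument to check the live site, for example from a scheduled job that alerts when the output is anything other than OK.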