
How to Install SSL certificate in Raspberry Pi

Raspberry Pi is a fun little computer that helps you learn computing basics and can be used as a hobby machine for many things. However, if your Raspberry Pi is running a server and is publicly accessible, it is a good idea to install an SSL certificate on it, so that all traffic to and from your server is encrypted. In this article, we will learn how to install an SSL certificate on Raspberry Pi. We will be installing the Let’s Encrypt Certbot client on Raspberry Pi. Let’s Encrypt provides free SSL certificates, and its certbot client will automatically renew the certificate for you on a regular basis.


How to Install SSL Certificate on Raspberry Pi

SSL certificates can be obtained only for domains and not IP addresses. So please make sure you have an active domain, and it points to the IP address on which you will be running your Raspberry Pi’s server.


1. Update System

Connect to your Raspberry Pi, open a terminal and run the following commands to update the system.

$ sudo apt-get update
$ sudo apt-get upgrade

If you see any prompts, enter Yes to proceed.


2. Install Let’s Encrypt

Next, we will install Let’s Encrypt on our system. Here is the command for it.

$ sudo apt-get install certbot


3. Configure Certbot

Next, we will configure certbot to automatically download & install the SSL certificate. Run the following command. Replace example.com and www.example.com with your domain names. The --standalone option makes certbot start its own temporary web server on port 80, so stop any web server that is already using that port before you run it.

$ sudo certbot certonly --standalone -d example.com -d www.example.com

If your web server is already running and your web root folder is other than the default /var/www/html, you can use the --webroot option and specify the folder with -w, as shown below. Here our web root folder is /var/www/example.

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com

Next, you will be prompted to enter certain details such as site admin’s email address, etc. Enter them as required.

After that, certbot will download and install certificates at

/etc/letsencrypt/live/example.com/

You will find the full chain file (fullchain.pem) and private key file (privkey.pem) in the above folder. Make sure unauthorized users and applications cannot access these files, especially privkey.pem, or the security of your certificate may be compromised.
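One way to check that requirement, as an added example that is not part of the original article: the script resolves the privkey.pem symlink and reports whether the key file, or a directory above it, is restricted to its owner. The function names and the optional stop directory are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Needs GNU stat and readlink
# (present on Raspberry Pi OS). Run as root so every directory can be read.

# True when an octal mode string grants nothing to group or others.
owner_only() {
    case "$1" in
        *00|0) return 0 ;;
        *)     return 1 ;;
    esac
}

# key_exposed KEY [STOP_DIR]  (hypothetical helper)
# Returns 0 if KEY is reachable by non-owner accounts, 1 if it is shielded,
# 2 if it does not exist. certbot's live/ entries are symlinks into archive/,
# so the link is resolved first. The key counts as shielded when the file
# itself, or any directory from it up to STOP_DIR (default /), is owner-only.
# Conservative: any group/other permission bit is treated as access.
key_exposed() {
    key=$(readlink -f "$1") || return 2
    stop=$(readlink -f "${2:-/}")
    [ -f "$key" ] || return 2
    owner_only "$(stat -c '%a' "$key")" && return 1
    dir=$(dirname "$key")
    while :; do
        owner_only "$(stat -c '%a' "$dir")" && return 1
        [ "$dir" = "$stop" ] || [ "$dir" = "/" ] && break
        dir=$(dirname "$dir")
    done
    return 0
}

# Print a one-line verdict for a key path.
report_key() {
    rc=0
    key_exposed "$1" "${2:-/}" || rc=$?
    case "$rc" in
        0) echo "EXPOSED: $1 can be reached by non-owner accounts" ;;
        1) echo "OK: $1 is restricted to its owner" ;;
        *) echo "MISSING: $1 not found" ;;
    esac
}

# Usage with the path from this article (add this call, then run with sudo):
#   report_key /etc/letsencrypt/live/example.com/privkey.pem
```

If the verdict is EXPOSED, tighten the key with chmod 600 on the resolved file or chmod 700 on its directory, then run the check again.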

You can refer to these certificate files in your Apache/NGINX server’s configuration file. Next, we will show how to point NGINX server to these SSL certificate files.


4. Update NGINX Configuration file

Open the NGINX configuration file in a text editor.

$ sudo vi /etc/nginx/sites-available/default.conf

Add the following lines to the configuration file. Replace example.com with your domain name.

server {
        listen 80 default_server;
        listen [::]:80 default_server;

        root /usr/share/nginx/html;
        index index.html index.htm;

        server_name example.com;

        location / {
                try_files $uri $uri/ =404;
        }
}

Look for

listen [::]:80 default_server;

Add the following line below it.

listen 443 ssl;

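Now your NGINX server will listen on both port 80 (HTTP) and port 443 (HTTPS/SSL). If you don’t want your server to be accessible via HTTP, then remove the following lines. Keep in mind that the certbot commands above validate your domain over HTTP on port 80, so that port must still be reachable when the certificate is renewed.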

listen 80 default_server;
listen [::]:80 default_server;

Look for the following line.

server_name example.com;

Add the following lines below it. They point to the location of full chain and private key files.

ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

Now your final NGINX configuration will look like

server {
        listen 80 default_server;
        listen [::]:80 default_server;

        listen 443 ssl;

        root /usr/share/nginx/html;
        index index.html index.htm;

        server_name example.com;

        ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

        location / {
                try_files $uri $uri/ =404;
        }
}

Save and close the file.

Test NGINX configuration with the following command.

$ sudo nginx -t

Restart NGINX Server to apply changes.

$ sudo service nginx restart

That’s it. Now you should be able to access the server running on your Raspberry Pi via HTTPS URLs. You can open a browser and test them.
