Note! This post is in English because it was originally written for medium.com
This simple guide will show you how to buy, create and install an SSL certificate on a Laravel Forge provisioned server (Ubuntu in this case) using SSLMate (you don’t have to use Forge, the steps described will work on most Linux servers).
SSLMate is a great service which helps you quickly and easily buy and set up an SSL certificate via the command line to protect your site.
Forge is a server provisioning tool that makes setting up and configuring web servers for web apps (specifically PHP apps) ridiculously easy.
This guide assumes that you’ve already created a Forge account as well as an SSLMate account, so if you haven’t done that already, do that now and let’s get started!
1. Install SSLMate on the server
The commands below are for Ubuntu 14.04. For other versions/dists, see https://sslmate.com/help/install
sudo wget -P /etc/apt/sources.list.d https://sslmate.com/apt/ubuntu1404/sslmate.list
sudo wget -P /etc/apt/trusted.gpg.d https://sslmate.com/apt/ubuntu1404/sslmate.gpg
sudo apt-get update
sudo apt-get install sslmate
2. Buy the certificate
The “HOSTNAME” in the code below is the common name/domain name, e.g. “yourdomain.com”.
# Create dir to hold SSLs (-p also creates /home/forge/ssl if it is missing)
mkdir -p /home/forge/ssl/HOSTNAME && cd /home/forge/ssl/HOSTNAME
# Link your sslmate account
sslmate link
# Buy cert
sslmate buy HOSTNAME
Follow the instructions and the certificate will be valid for both yourdomain.com AND www.yourdomain.com.
You will now have four files that SSLMate just created:
- HOSTNAME.key
- HOSTNAME.crt
- HOSTNAME.chain.crt
- HOSTNAME.chained.crt
NOTICE! If you are renewing an existing certificate, you will probably not get a .key file after renewal. You can instead find the .key file on the Forge server in /etc/nginx/ssl/{domain}/{id}/
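When the key comes from an earlier order, as in the renewal case above, it is worth confirming that it matches the new certificate before installing the pair. The script below is an added example, not part of the original post or of SSLMate's tooling; the function names and the script name are made up here, and it assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added example (not from the original post): check a key/certificate pair
# before installing it. The paths passed as arguments are your own files.

# Return 0 if the certificate's public key matches the private key,
# 1 if it does not, 2 if either file cannot be parsed.
pair_matches() {
    key_file=$1
    crt_file=$2
    # "-passin pass:" makes an encrypted key fail instead of prompting.
    key_pub=$(openssl pkey -in "$key_file" -passin pass: -pubout 2>/dev/null) || return 2
    # x509 reads only the first certificate in the file; in a chained
    # file that must be the site (leaf) certificate.
    crt_pub=$(openssl x509 -in "$crt_file" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$key_pub" ] || return 2
    [ "$key_pub" = "$crt_pub" ]
}

# Return 0 if the certificate is still valid DAYS days from now.
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Usage: sh check_pair.sh HOSTNAME.key HOSTNAME.chained.crt
if [ "$#" -eq 2 ]; then
    if pair_matches "$1" "$2"; then
        echo "OK: key matches certificate"
    else
        echo "FAIL: key and certificate do not match (or are unreadable)" >&2
        exit 1
    fi
    valid_for_days "$2" 14 || echo "WARN: certificate expires within 14 days" >&2
fi
```

The comparison uses the public key rather than the RSA modulus, so it also works for non-RSA keys.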
3. Install the certificate
On a Forge server:
- Go to the site in Forge. Click on the tab “SSL Certificates” and then “Install Existing Certificate”.
- Copy the contents of your HOSTNAME.key into “Private key” in Forge (I usually just use the “cat” command and copy and paste).
- Copy the contents of HOSTNAME.chained.crt into “Certificate key” in Forge.
- Click on “Install Certificate”
- After the certificate is installed, click on the activate icon (a lock) in the list of installed certificates at the bottom of the page.
On any other server:
First generate the Nginx code to be inserted into the configuration file:
sslmate mkconfig nginx HOSTNAME
This will print some Nginx configuration that should go into the server block in your Nginx server configuration. After you’ve inserted it into the configuration file, test the configuration with:
sudo nginx -t
If everything is successful, go ahead and reload Nginx:
sudo service nginx reload
4. Test the certificate
sslmate test HOSTNAME
This will test that the certificate is properly installed and that it works with Nginx.
5. Make sure www redirects are in place
We want to make sure that however a user types in the URL of your site (whether http or https, and whether www or not), it always redirects to https://yourdomain.com
- Click on “Edit files” at the bottom of the page
- Click “Edit Nginx Configuration”
Here’s an example of the Nginx config (you will probably NOT have the “http www redirect block”) with redirects added to the top:
# http redirects
server {
    listen 80;
    server_name yourdomain.com www.yourdomain.com;
    return 301 https://yourdomain.com$request_uri;
}

# https www => non-www redirect
server {
    listen 443 ssl;
    server_name www.yourdomain.com;
    ssl_certificate /etc/nginx/ssl/yourdomain.com/xxxx/server.crt;
    ssl_certificate_key /etc/nginx/ssl/yourdomain.com/xxxx/server.key;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); drop them unless legacy clients need them
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    return 301 https://yourdomain.com$request_uri;
}

# general server config block
server {...}
Good to know: Forge automatically creates a separate redirect config file for the www domain (e.g. in /etc/nginx/sites-available/www.yourdomain.com) when you create your site, but I prefer to have all redirects in one file and to be able to change them directly from Forge.
6. End
We’re all done! Forge should automatically reload the Nginx server so that the new changes are reflected. Visit your site and it is now secure! Thanks SSLMate and Forge!