OpenResty SSL Setup: Install and Secure Site withNginx with Let’s Encrypt on Ubuntu

Securing your website with SSL is crucial for both security and SEO benefits. In this guide, we’ll walk through the complete process of OpenResty SSL setup, including how to install OpenResty on Ubuntu, configure SSL using Certbot, and enable auto-renewal.

---

Prerequisites for OpenResty SSL Setup

Before we begin, ensure you have the following:

• A Linux server (Ubuntu preferred)
• Root or sudo access
• A registered domain name pointing to your server

Step 1: Install OpenResty on Ubuntu

OpenResty is an extended version of Nginx that includes powerful scripting capabilities. Follow the official OpenResty installation guide to install it on your Ubuntu server.

Step 2: Install Certbot for OpenResty Nginx SSL

Certbot is an automated tool for obtaining SSL certificates from Let’s Encrypt.

To install Certbot, run:

sudo apt update
sudo apt install certbot -y

Step 3: Obtain an SSL Certificate for OpenResty HTTPS Configuration

Run the following command to generate an SSL certificate for your domain:

sudo certbot certonly --standalone --preferred-challenges http -d example.com

Replace example.com with your actual domain name.

Once completed, your SSL certificates will be located in:

/etc/letsencrypt/live/example.com/

Step 4: Configure Nginx OpenResty SSL Settings

Now, update your Nginx OpenResty configuration to use the SSL certificate.

Open your configuration file:

sudo nano /usr/local/openresty/nginx/conf/nginx.conf

Nginx OpenResty HTTPS Configuration

Add the following server block inside the http block:

server {
    listen 443 ssl;
    server_name example.com;

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;

    location / {
        root /var/www/html;
        index index.html;
    }
}

Save and exit (Ctrl + X, then Y, then Enter).

Step 5: Restart OpenResty Nginx for SSL to Take Effect

Restart Nginx OpenResty for the changes to take effect:

sudo systemctl restart openresty

If Nginx OpenResty is not set up as a service, you may need to start it manually:

sudo /usr/local/openresty/nginx/sbin/nginx

Step 6: Auto-Renew OpenResty SSL Certificate with Certbot

Let’s Encrypt certificates expire every 90 days, so setting up auto-renewal is important.

Add the following cron job to renew the certificate automatically:

sudo crontab -e

Add this line at the end:

0 0 * * * certbot renew --quiet && systemctl reload openresty

This will check and renew the certificate daily at midnight.

Conclusion

Your Nginx OpenResty server is now secured with SSL! You’ve successfully completed the OpenResty SSL setup, installed Nginx OpenResty, configured SSL with Certbot, and set up auto-renewal for your certificates. Now, your website can securely serve content over HTTPS.

For further reading, check out:

• OpenResty Official Documentation
• Certbot’s Documentation

If you have any questions or face issues, feel free to drop a comment below!