Use an SSL certificate

Now that NGINX is handling the traffic, we need to secure the connection with HTTPS using a free certificate from Let’s Encrypt.

Warning

Domain Requirement: You must have a valid domain name (e.g., at.emlproject.pages.dev) pointing to your server’s public IP. Let’s Encrypt does not support raw IP addresses (e.g., 192.168.1.50). If you access your EML AdminTool via an IP, it will remain in HTTP or raise security warnings.

Install Certbot

Certbot is the official tool to obtain Let’s Encrypt certificates.

Install Certbot and its NGINX plugin:

sudo apt install -y certbot python3-certbot-nginx

First, ensure the EPEL repository is enabled (often required for Certbot), then install:

sudo dnf install -y epel-release
sudo dnf install -y certbot python3-certbot-nginx

Obtain and configure the certificate

Certbot will read your NGINX configuration, validate your domain, and automatically update the NGINX file to enable HTTPS.

Run the following command:

sudo certbot --nginx

Follow the interactive instructions:

Enter email: Used for urgent renewal and security notices.
Terms of Service: Agree to them.
Select Domains: Certbot will list the domains found in your server_name directive (from the previous step).
- Select ONLY your domain name(s) (e.g., at.emlproject.pages.dev).
- Do NOT select IP addresses (e.g., 192.168.1.50), as the validation will fail for them.
Redirect: If asked, choose to Redirect HTTP traffic to HTTPS (recommended).

Verify auto-renewal

Let’s Encrypt certificates are valid for 90 days. Certbot installs a timer to renew them automatically. You can verify it works with a dry run:

sudo certbot renew --dry-run

Your AdminTool is now secure and accessible via https://at.emlproject.pages.dev.

Previous Set up NGINX Next Security advice