logo

Tutorial on securing an ExpressJS app with a free SSL certificate using Certbot and Nginx, follow these steps:

Install Certbot and the Nginx plugin by running the following command:

sudo apt install certbot python3-certbot-nginx

Create a new configuration file for your domain in the /etc/nginx/sites-available directory by running the following command:

sudo touch /etc/nginx/sites-available/example.com

Open the example.com file in a text editor and add the following configuration. This sets up a proxy to redirect traffic from port 80 (the default HTTP port) to your Express app running on port 3000:

server {
    listen 80 default_server;
    listen [::]:80 default_server;

    server_name example.com;

    location / {
        proxy_pass http://localhost:3000;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

Make sure that your Express app is running on port 3000. You can do this by adding the following code to your app, if it’s not already there:

const express = require('express');

const app = express();

app.get('/', (req, res) => {
  res.send('Hello, world!');
});

const port = process.env.PORT || 3000;
app.listen(port, () => {
  console.log(`Listening on port ${port}...`);
});

Use Certbot to create a free SSL certificate for your domain by running the following command:

certbot --nginx -d yourdomain.com

Reload Nginx to apply the new configuration and enable HTTPS support by running the following command:

systemctl restart nginx

To automatically renew your SSL certificate before it expires, run the following command:

certbot renew

To test that the renewal process is working correctly, you can simulate a renewal by running the following command:

sudo certbot renew --dry-run

That’s it! Your Express app is now secured with a free SSL certificate and can be accessed securely over HTTPS.