How To Setup Rocket Chat SSL Configuration Using Letsencrypt For Nginx5 min read
When install Rocket chat so must be install ssl using free or purchase. Now I have to show you can using Let’Encrypt fully free ssl service. This certificate default valid date 3 month. But I setup auto renewal process on my server. If your server is local so must be using NAT system for forward port.
★ How To Install Zabbix 5.0 On Centos 7
★ How To Install Zabbix Server On Ubuntu 18.04
NAT PORT 443 (LAN) ➺ 443 (WAN) << Parmenent
NAT PORT 80 (LAN) ➺ 80 (WAN) << Only for before install ssl
My Public IP address : 45.251.231.171
My Local IP address : 10.66.30.10
Step #01: Must be your server update & upgrade then install nginx web server.
root@Rocket-Chat:~# apt-get update root@Rocket-Chat:~# apt-get install software-properties-common python-software-properties root@Rocket-Chat:~# apt-get install nginx root@Rocket-Chat:~# systemctl status nginx.service
Before install ssl so must be disable 80 port from your server.
root@Rocket-Chat:~# netstat -pan | grep ":80" root@Rocket-Chat:~# pkill -f nginx root@Rocket-Chat:~# systemctl start nginx.service root@Rocket-Chat:~# systemctl status nginx.service
Step #02: Now install let’sencrypt and certbot and configure nginx web server.
root@Rocket-Chat:~# add-apt-repository ppa:certbot/certbot root@Rocket-Chat:~# apt-get update root@Rocket-Chat:~# apt-get install letsencrypt root@Rocket-Chat:~# wget https://dl.eff.org/certbot-auto -P /usr/local/bin root@Rocket-Chat:~# chmod a+x /usr/local/bin/certbot-auto root@Rocket-Chat:~# export DOMAIN="chat.technologyrss.com" root@Rocket-Chat:~# export EMAIL_ALERT="[email protected]"
Step #03: Install free SSL from let’sencrypt for nginx server.
root@Rocket-Chat:~# /usr/local/bin/certbot-auto certonly --standalone -d $DOMAIN --preferred-challenges http --agree-tos -n -m $EMAIL_ALERT --keep-until-expiring
Backup old nginx web config file and edit for using ssl.
root@Rocket-Chat:~# cp /etc/nginx/sites-available/default /etc/nginx/sites-available/default.back root@Rocket-Chat:~# vi /etc/nginx/sites-available/default
Step #04: Drop previous all lines and insert below all lines. And change your domain name for ssl config.
# Upstream definition
upstream backend {
server 127.0.0.1:3000;
}
# http to https redirection
server {
listen 80;
server_name chat.technologyrss.com;
rewrite ^ https://$server_name$request_uri? permanent;
}
# HTTPS Server
server {
listen 443;
server_name chat.technologyrss.com;
error_log /var/log/nginx/rocket-chat.access.log;
ssl on;
ssl_certificate /etc/letsencrypt/live/chat.technologyrss.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/chat.technologyrss.com/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # don’t use SSLv3 ref: POODLE
location / {
proxy_pass http://backend/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forward-Proto http;
proxy_set_header X-Nginx-Proxy true;
proxy_redirect off;
}
}
Step #05: Restart nginx web server and run renew command.
root@Rocket-Chat:~# nginx -t root@Rocket-Chat:~# service nginx restart root@Rocket-Chat:~# certbot-auto renew
If see any error so please goto YouTube channel and see more details. Please subscribe my channel for more update.
I am system administrator as Windows and Linux platform. I have 4 years skilled from the professional period. I have to configure Linux based system such as an Asterisk VOIP system, Network monitoring tools (ZABBIX), Virtualization (XEN Server), Cloud computing (Apache CloudStack) etc. Now share my professional skill each interested person.
Thanks to all.
Thanks to all.
Latest posts by Admin (see all)
- How To Enable SSH On Debian 13 Server - September 13, 2025
- Is Debian 13 Server on VirtualBox the EASIEST Way to Get Started - September 11, 2025
- How To Install Zabbix Server 7.4 On Ubuntu 22.04 - September 10, 2025
