Manoj Damor

Unlock the World of Coding with Coding Funda

How To Secure Nginx with Let’s Encrypt on Ubuntu 20.04

2 min read
How To Secure Nginx with Let’s Encrypt on Ubuntu 20.04

How To Secure Nginx with Let’s Encrypt on Ubuntu 20.04

Securing Nginx with Let’s Encrypt on Ubuntu 20.04 involves obtaining and installing an SSL/TLS certificate from Let’s Encrypt to enable HTTPS for your web server. Here’s a step-by-step guide on how to do this:

Step 1: Prerequisites

Before you begin, make sure you have the following:

  • A registered domain name pointing to your server’s IP address.
  • A server running Ubuntu 20.04.
  • Nginx is installed and configured to serve your website.

Step 2: Install Certbot

Certbot is the official client for Let’s Encrypt. You can install it from the default Ubuntu repositories:

sudo apt update
sudo apt install certbot python3-certbot-nginx

Step 3: Obtain a Let’s Encrypt Certificate

Run Certbot to obtain an SSL certificate for your domain. Replace your_domain.com with your actual domain:

sudo certbot --nginx -d your_domain.com

Certbot will automatically detect your Nginx configuration and prompt you to configure your SSL settings. When prompted, choose the option to redirect HTTP traffic to HTTPS.

Step 4: Test the Renewal Process

Let’s Encrypt certificates expire after 90 days. To ensure automatic renewal is set up correctly, you can run a test renewal:

sudo certbot renew --dry-run

Step 5: Update Nginx Configuration

Certbot automatically updates your Nginx configuration to use the SSL certificate. You can check this by examining your Nginx configuration file for the site. Typically, this file is located in /etc/nginx/sites-available/ and has a symbolic link in /etc/nginx/sites-enabled/. It should contain SSL-related directives like these:

server {
    listen 443 ssl;
    server_name your_domain.com;

    ssl_certificate /etc/letsencrypt/live/your_domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/your_domain.com/privkey.pem;

    # Other SSL-related settings...
}

Step 6: Adjust Your Firewall Rules (if applicable)

If you have a firewall, such as UFW, you’ll need to allow HTTPS traffic:

sudo ufw allow 'Nginx Full'

sudo ufw allow 'Nginx Full'

Step 7: Test HTTPS

Restart Nginx to apply the changes:

sudo systemctl restart nginx

Visit your website using HTTPS (https://your_domain.com). You should now see a padlock icon in the browser’s address bar, indicating that your site is secured with SSL.

Step 8: Set up Automatic Renewal

By default, Certbot should set up a cron job for certificate renewal. You can verify this by checking the contents of the /etc/cron.d/certbot file:

cat /etc/cron.d/certbot

This cron job will run twice daily to check for certificate expiration and renew them if necessary.

That’s it! You’ve successfully secured Nginx with Let’s Encrypt on Ubuntu 20.04. Your website should now be accessible over HTTPS, providing encryption and security for your users’ data.

Check My Social Profile Links

Instagram

Youtube

Website

Linkedin

Android Application

About The Author

Leave a Reply

Your email address will not be published. Required fields are marked *

Follow by Email
fb-share-icon
Share