How To Secure Nginx with Let’s Encrypt on Ubuntu 20.04
Securing Nginx with Let’s Encrypt on Ubuntu 20.04 involves obtaining and installing an SSL/TLS certificate from Let’s Encrypt to enable HTTPS for your web server. Here’s a step-by-step guide on how to do this:
Step 1: Prerequisites
Before you begin, make sure you have the following:
- A registered domain name pointing to your server’s IP address.
- A server running Ubuntu 20.04.
- Nginx installed and configured to serve your website.
Step 2: Install Certbot
Certbot is the official client for Let’s Encrypt. You can install it from the default Ubuntu repositories:
sudo apt update
sudo apt install certbot python3-certbot-nginx
Step 3: Obtain a Let’s Encrypt Certificate
Run Certbot to obtain an SSL certificate for your domain. Replace your_domain.com with your actual domain:
sudo certbot --nginx -d your_domain.com
Certbot will automatically detect your Nginx configuration and prompt you to configure your SSL settings. When prompted, choose the option to redirect HTTP traffic to HTTPS.
Step 4: Test the Renewal Process
Let’s Encrypt certificates expire after 90 days. To ensure automatic renewal is set up correctly, you can run a test renewal:
sudo certbot renew --dry-run
Step 5: Update Nginx Configuration
Certbot automatically updates your Nginx configuration to use the SSL certificate. You can check this by examining your Nginx configuration file for the site. Typically, this file is located in /etc/nginx/sites-available/ and has a symbolic link in /etc/nginx/sites-enabled/. It should contain SSL-related directives like these:
server {
    listen 443 ssl;
    server_name your_domain.com;
    ssl_certificate /etc/letsencrypt/live/your_domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/your_domain.com/privkey.pem;
    # Other SSL-related settings...
}
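A scripted version of this check, added here as an example (it is not part of the original guide or of Certbot): it reads a site file and confirms the TLS listener, the server_name, and that both certificate paths point at the live/ directory for the domain. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the guide or Certbot): audit the Step 5 directives.

# Constructed sample mirroring the Step 5 server block (not a real site).
sample_conf() {
cat <<'EOF'
server {
    listen 443 ssl;
    server_name your_domain.com;
    ssl_certificate /etc/letsencrypt/live/your_domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/your_domain.com/privkey.pem;
}
EOF
}

# Print the first argument of directive $1 from config text on stdin.
directive_value() {
    awk -v d="$1" '$1 == d { v = $2; sub(/;$/, "", v); print v; exit }'
}

# check_tls_conf FILE DOMAIN: print findings; return 0 only if every check passes.
check_tls_conf() {
    live="/etc/letsencrypt/live/$2"
    rc=0
    # Drop comments so a commented-out directive is not counted as active.
    body=$(sed 's/#.*//' "$1") || return 2
    cert=$(printf '%s\n' "$body" | directive_value ssl_certificate)
    key=$(printf '%s\n' "$body" | directive_value ssl_certificate_key)

    printf '%s\n' "$body" |
        grep -Eq '^[[:space:]]*listen[[:space:]]+([^;]*:)?443[[:space:]][^;]*ssl' ||
        { echo "FAIL: no 'listen 443 ssl' directive"; rc=1; }
    printf '%s\n' "$body" | awk -v d="$2" '
        $1 == "server_name" { for (i = 2; i <= NF; i++) { n = $i; sub(/;$/, "", n); if (n == d) ok = 1 } }
        END { exit !ok }' ||
        { echo "FAIL: server_name does not list $2"; rc=1; }
    # fullchain.pem carries the intermediate; cert.pem alone breaks chain building.
    # The live/ symlinks follow renewals; archive/ paths go stale.
    [ "$cert" = "$live/fullchain.pem" ] ||
        { echo "FAIL: ssl_certificate is '$cert', expected $live/fullchain.pem"; rc=1; }
    [ "$key" = "$live/privkey.pem" ] ||
        { echo "FAIL: ssl_certificate_key is '$key', expected $live/privkey.pem"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $1 serves $2 from $live"
    return "$rc"
}

# Usage: sh check_tls_conf.sh FILE DOMAIN (does nothing without arguments)
[ "$#" -ne 2 ] || check_tls_conf "$1" "$2"
```

Run it against the site file under /etc/nginx/sites-available/ with your domain as the second argument; a non-zero exit status means at least one directive is missing or points somewhere other than the Certbot-managed files.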
Step 6: Adjust Your Firewall Rules (if applicable)
If you have a firewall, such as UFW, you’ll need to allow HTTPS traffic:
sudo ufw allow 'Nginx Full'
Step 7: Test HTTPS
Restart Nginx to apply the changes:
sudo systemctl restart nginx
Visit your website using HTTPS (https://your_domain.com). You should now see a padlock icon in the browser’s address bar, indicating that your site is secured with SSL.
Step 8: Set up Automatic Renewal
By default, Certbot should set up a cron job for certificate renewal. You can verify this by checking the contents of the /etc/cron.d/certbot file:
cat /etc/cron.d/certbot
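This cron job is scheduled twice daily to check for expiring certificates and renew them if necessary. On a host running systemd, which includes a default Ubuntu 20.04 install, the packaged cron entry skips itself and the certbot.timer unit performs the same check.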
That’s it! You’ve successfully secured Nginx with Let’s Encrypt on Ubuntu 20.04. Your website should now be accessible over HTTPS, providing encryption and security for your users’ data.