How to install SSL with letsEncrypt on Nginx in Ubuntu 20.04

Shadman AhmedShadman Ahmed
2 min read

To set up SSL for a specific domain on your Nginx server using a free SSL certificate from Let's Encrypt, we can follow these steps:

Step 1: Install Certbot and Nginx Plugin

First, make sure you have Certbot and the Nginx plugin installed. The installation process varies depending on your Linux distribution.

On Ubuntu/Debian:

sudo apt update
sudo apt install certbot python3-certbot-nginx

Step 2: Obtain an SSL Certificate for Your Specific Domain

Run Certbot with the Nginx plugin to obtain and install the certificate for your specific domain.

sudo certbot --nginx -d your_domain.com

Replace your_domain.com with your actual domain name. Certbot will prompt you to provide an email address for urgent renewal and security notices, and to agree to the terms of service.

Step 3: Configure Nginx to Use the SSL Certificate

Certbot can automatically configure Nginx for you, but you might need to manually adjust your Nginx configuration if needed. Here’s an example of what your Nginx server block might look like:

server {
    listen 80;
    server_name your_domain.com www.your_domain.com;

    location / {
        # Redirect all HTTP requests to HTTPS
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    server_name your_domain.com www.your_domain.com;

    ssl_certificate /etc/letsencrypt/live/your_domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/your_domain.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/your_domain.com/chain.pem;

    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
        # Your existing Nginx configuration for handling requests
    }
}

Replace your_domain.com with your actual domain name.

Step 4: Reload Nginx

After configuring Nginx, reload the service to apply the changes:

sudo systemctl reload nginx

Step 5: Verify SSL Installation

Visit your website using https://your_domain.com to verify that the SSL certificate is installed correctly and the connection is secure.

Step 6: Set Up Automatic Renewal

Let’s Encrypt certificates are valid for 90 days. Certbot sets up a cron job or systemd timer to handle automatic renewals. To test the automatic renewal process, you can run:

sudo certbot renew --dry-run

If the dry run completes without errors, the automatic renewal is working correctly.

By following these steps, you can set up SSL for a specific domain on your Nginx server using a free certificate from Let's Encrypt.

Thanks for reading.

0
Subscribe to my newsletter

Read articles from Shadman Ahmed directly inside your inbox. Subscribe to the newsletter, and don't miss out.

nginxSSLSSL CertificateLet's Encrypt

Written by

Shadman Ahmed
Shadman Ahmed

Just another software engineer