Secure Nginx with Let’s Encrypt


If you're running a website or app, securing it with HTTPS is a must. Not only does HTTPS protect your users’ data with encryption, but it also improves trust and even your site's SEO ranking.
Let’s Encrypt?
Let’s Encrypt is a free and trusted Certificate Authority (CA) that provides SSL/TLS certificates. Using their service with Certbot (the official tool for managing certificates) makes SSL setup almost effortless - especially when paired with Nginx.
Here’s what I had set up before starting:
A VM running Ubuntu 22.04 on Azure
Nginx installed and running
Ports 80 (HTTP) and 443 (HTTPS) open
A domain name with an A record pointing to the VM’s public IP
This ensures that your domain resolves to your server and that Let's Encrypt can validate domain ownership.
Step-by-Step Setup
Install Certbot and the Nginx Plugin
First, install Certbot and its Nginx integration plugin:
sudo apt install certbot python3-certbot-nginx
Edit Nginx Server Block
Open your site’s Nginx config:
sudo vi /etc/nginx/sites-available/example.com
In the server block, make sure to add:
server_name example.com;
Nginx needs to know which domain this block is for. This is how Certbot identifies which site to secure.
Test Nginx Config
Check for any syntax errors:
sudo nginx -t
Apply your changes:
sudo systemctl reload nginx
Obtain and Install SSL Certificate
Now, let’s request the SSL certificate and configure Nginx in one command:
sudo certbot --nginx -d example.com
If this is your first time running certbot, you will be prompted to enter an email address and agree to the terms of service.
This command will:
Verify your domain ownership
Download and install the SSL certificate
Automatically configure your Nginx site for HTTPS
Verifying Everything Works
Certbot sets up an automatic renewal timer. Verify that it's running:
sudo systemctl status certbot.timer
Let’s Encrypt certificates expire every 90 days, so automated renewal is critical.
Test Renewal
Do a dry-run of the renewal process to ensure it's working:
sudo certbot renew --dry-run
This makes sure your renewal process will succeed before it really matters.
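To check renewal from the outside as well, the following added example (not part of the original post) reads the certificate the server actually presents and reports how close it is to expiry. The function names and the 30-day threshold are assumptions; it relies on openssl and GNU date.

```shell
#!/bin/sh
# Added example: report how close the certificate served for a domain is to expiry.
# Function names and the 30-day threshold are assumptions, not part of Certbot.
# Requires openssl and GNU date.

# Print seconds until expiry from an openssl "notAfter=..." line.
# $1: e.g. "notAfter=Jan  1 00:00:00 2030 GMT"   $2: "now" in epoch seconds (optional)
seconds_left() {
    sl_not_after=${1#notAfter=}
    sl_now=${2:-$(date +%s)}
    sl_expiry=$(date -u -d "$sl_not_after" +%s) || return 2
    echo $(( sl_expiry - sl_now ))
}

# Classify remaining seconds: EXPIRED, RENEW_SOON (inside the threshold) or OK.
# $1: seconds left   $2: threshold in days (default 30)
cert_status() {
    cs_threshold=$(( ${2:-30} * 86400 ))
    if [ "$1" -le 0 ]; then echo "EXPIRED"
    elif [ "$1" -lt "$cs_threshold" ]; then echo "RENEW_SOON"
    else echo "OK"
    fi
}

# Read the notAfter line of the certificate actually presented on port 443.
served_not_after() {
    echo | openssl s_client -connect "$1:443" -servername "$1" 2>/dev/null \
        | openssl x509 -noout -enddate
}

# Usage: ./check_cert.sh example.com   (exits non-zero unless the status is OK)
if [ -n "${1:-}" ]; then
    line=$(served_not_after "$1") || { echo "cannot read certificate for $1" >&2; exit 2; }
    secs=$(seconds_left "$line") || exit 2
    status=$(cert_status "$secs")
    echo "$1: $status ($(( secs / 86400 )) days left)"
    [ "$status" = "OK" ]
fi
```

Run from cron or a monitoring job, a non-zero exit means the certificate is inside the threshold or already expired, which points to a renewal that has not gone through.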
Here we go!
Conclusion
Securing your website or app with HTTPS is essential for encrypting user data, enhancing trust, and boosting SEO. Let’s Encrypt offers free SSL/TLS certificates via Certbot, simplifying setup with Nginx. The step-by-step guide includes installing Certbot and the Nginx plugin, editing the Nginx server block with your domain, and using Certbot to obtain and install an SSL certificate. Automated renewal ensures certificates stay valid, with verification and renewal testing processes included.
Written by Linn Latt Oo
