Secure Nginx with Let’s Encrypt

Linn Latt Oo

If you're running a website or app, securing it with HTTPS is a must. Not only does HTTPS protect your users’ data with encryption, but it also improves trust and even your site's SEO ranking.

What Is Let’s Encrypt?

Let’s Encrypt is a free and trusted Certificate Authority (CA) that provides SSL/TLS certificates. Using their service with Certbot (the official tool for managing certificates) makes SSL setup almost effortless, especially when paired with Nginx.

Here’s what I had set up before starting:

  • A VM running Ubuntu 22.04 on Azure

  • Nginx installed and running

  • Ports 80 (HTTP) and 443 (HTTPS) open

  • A domain name with an A record pointing to the VM’s public IP

This ensures that your domain resolves to your server and that Let's Encrypt can validate domain ownership.

Step-by-Step Setup

Install Certbot and the Nginx Plugin

First, install Certbot and its Nginx integration plugin:

sudo apt install certbot python3-certbot-nginx

Edit Nginx Server Block

Open your site’s Nginx config:

sudo vi /etc/nginx/sites-available/example.com

In the server block, make sure to add:

server_name example.com;

Nginx needs to know which domain this block is for. This is how Certbot identifies which site to secure.

Test Nginx Config

Check for any syntax errors:

sudo nginx -t

Apply your changes:

sudo systemctl reload nginx

Obtain and Install SSL Certificate

Now, let’s request the SSL certificate and configure Nginx in one command:

sudo certbot --nginx -d example.com

If this is your first time running certbot, you will be prompted to enter an email address and agree to the terms of service.

This command will:

  • Verify your domain ownership

  • Download and install the SSL certificate

  • Automatically configure your Nginx site for HTTPS

Verifying Everything Works

Certbot sets up an automatic renewal timer. Verify that it's running:

sudo systemctl status certbot.timer

Let’s Encrypt certificates expire after 90 days, so automated renewal is critical.

Test Renewal

Do a dry-run of the renewal process to ensure it's working:

sudo certbot renew --dry-run

This makes sure your renewal process will succeed before it really matters.
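
A dry run only proves renewal works today, so a recurring check on the remaining validity catches a renewal that later stalls. The script below is an added example, not part of the original post: the function names, the 20-day threshold and the sample hostnames are assumptions, and the sample input is constructed in the format printed by `certbot certificates`.

```shell
#!/bin/sh
# Added example (not from the original post): flag certificates whose
# automatic renewal appears to have stalled.
# By default Certbot attempts renewal once fewer than 30 days remain, so a
# certificate that stays below the threshold means renewal is failing.

# Reads `certbot certificates` output on stdin.
# $1 = minimum acceptable days of validity (assumed default: 20).
# Prints one status line per certificate; returns 1 if any needs attention.
check_cert_expiry() {
    awk -v min="${1:-20}" '
        BEGIN { bad = 0 }
        /Certificate Name:/ { name = $3 }
        /Expiry Date:/ {
            if ($0 ~ /INVALID/) {                      # expired, revoked or test cert
                status = "CRITICAL"; days = -1
            } else if (match($0, /VALID: [0-9]+ day/)) {
                # "VALID: " is 7 characters; strip it and the trailing " day"
                days = substr($0, RSTART + 7, RLENGTH - 11) + 0
                status = (days < min) ? "WARNING" : "OK"
            } else {                                   # "VALID: N hour(s)"
                status = "WARNING"; days = 0
            }
            printf "%s %s days_left=%d\n", status, name, days
            if (status != "OK") bad = 1
        }
        END { exit bad }
    '
}

# Constructed sample in the format printed by `certbot certificates`.
sample_certbot_output() {
    cat <<'EOF'
Found the following certs:
  Certificate Name: example.com
    Domains: example.com
    Expiry Date: 2025-08-01 10:00:00+00:00 (VALID: 59 days)
  Certificate Name: api.example.com
    Domains: api.example.com
    Expiry Date: 2025-06-15 10:00:00+00:00 (VALID: 12 days)
  Certificate Name: old.example.com
    Domains: old.example.com
    Expiry Date: 2025-05-01 10:00:00+00:00 (INVALID: EXPIRED)
EOF
}

# Demo on the sample; on a server: sudo certbot certificates | check_cert_expiry 20
sample_certbot_output | check_cert_expiry 20 || echo "renewal needs attention"
```
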

Here we go!

Conclusion

Securing your website or app with HTTPS is essential for encrypting user data, enhancing trust, and boosting SEO. Let’s Encrypt offers free SSL/TLS certificates via Certbot, simplifying setup with Nginx. The step-by-step guide includes installing Certbot and the Nginx plugin, editing the Nginx server block with your domain, and using Certbot to obtain and install an SSL certificate. Automated renewal ensures certificates stay valid, with verification and renewal testing processes included.
