
Secure Nginx with Let’s Encrypt on Ubuntu 18.04

Written by Admin, Updated On May 7, 2019

Let’s Encrypt is a free and open Certificate Authority (CA). It provides a simple way to obtain, install and renew free TLS/SSL certificates. This tutorial outlines how to obtain and install a free Let’s Encrypt SSL certificate and secure Nginx on an Ubuntu 18.04 server.

Prerequisites

  • An Ubuntu server with a non-root user with sudo privileges.
  • Nginx must be installed and configured, as shown in this tutorial.
  • An Nginx server block for your domain, as shown in this tutorial.
  • Your domain name should point to your server's IP address.

Install Let’s Encrypt on Ubuntu

This section outlines the steps to use the Certbot tool to obtain a free SSL certificate for Nginx on an Ubuntu 18.04 server. Nowadays, Let’s Encrypt SSL certificates are trusted by almost all browsers.

Install Certbot Client

You can easily obtain, install and renew Let’s Encrypt SSL certificates using the Certbot client package. It is also useful for configuring web servers to use the SSL certificates. The certbot package is included in the default Ubuntu repositories.

First, update the package index by typing:

sudo apt update

Now install the Certbot client by executing the command below:

sudo apt install python-certbot-nginx

You can also verify that certbot was installed successfully by typing:

certbot --version

Setting Up Firewall

If your server is protected by the UFW firewall, you need to adjust the firewall to allow HTTPS traffic.

To see the current settings, type:

sudo ufw status
Output
Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
Nginx HTTP                 ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
Nginx HTTP (v6)            ALLOW       Anywhere (v6)

To allow HTTPS traffic, you need to allow the Nginx Full profile and delete the redundant Nginx HTTP profile allowance:

sudo ufw allow 'Nginx Full'
sudo ufw delete allow 'Nginx HTTP'

The status will now look like this:

Output
Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
Nginx Full                 ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
Nginx Full (v6)            ALLOW       Anywhere (v6)

Obtain Let’s Encrypt SSL Certificate on Nginx

You can obtain SSL certificates in multiple ways. Here, we will use the certbot client to obtain an SSL certificate:

sudo certbot --nginx -d example.com -d www.example.com

Here, we are requesting a certificate for the example.com and www.example.com domains. If this is the first time you run certbot, it will ask you to enter an email address and agree to the terms and conditions. The email address you enter will be used for sending email alerts related to SSL renewal and expiration.

Next, if validation succeeds, it will ask you to configure HTTPS settings:

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
-------------------------------------------------------------------------------
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):

Select option 1 or 2 as you prefer and hit Enter to continue. Option 2 redirects all HTTP requests to HTTPS; option 1 leaves the site reachable over plain HTTP as well. The Nginx server blocks will be updated based on your selected option, and Nginx will be reloaded so that the new settings take effect.

Finally, your domain is secured with a Let’s Encrypt SSL certificate. You can verify this by visiting your site over HTTPS.

Auto Renew Let’s Encrypt SSL certificate

Let’s Encrypt SSL certificates have a short lifetime of 90 days, so you need to renew them before they expire. You can renew a certificate before it expires by typing:

sudo certbot renew

In addition, you can set up an auto-renewal process for Let’s Encrypt SSL certificates by adding a cron job. Execute the command below to open the crontab:

sudo crontab -e

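Next, add the line below at the end of the file. It runs the command twice a day and renews the certificate if it is about to expire. The entry is written for root's own crontab, so it has no user field between the schedule and the command; the random sleep of up to 12 hours spreads the renewal requests over time.

0 */12 * * * test -x /usr/bin/certbot && perl -e 'sleep int(rand(43200))' && certbot -q renew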

Save and close the file.

You can also verify the certbot auto-renewal process by typing:

sudo certbot renew --dry-run
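
A monitoring check to pair with the renewal job, as an added example that is not part of the original tutorial: it reports whether a certificate file is inside its renewal window (30 days by default, which is also certbot's default renewal threshold). The function names and the self-signed sample certificate are constructed for illustration; the path in the usage comment assumes certbot's default layout for example.com.

```bash
#!/usr/bin/env bash
# Added example: report whether a certificate is inside its renewal window.

# renewal_status PEM [DAYS] -> prints "ok", "renew" or "error"
#   ok    : certificate is still valid DAYS days from now
#   renew : certificate expires within DAYS days (or has already expired)
#   error : file is missing or is not a parseable X.509 certificate
renewal_status() {
    local pem="$1" days="${2:-30}"   # 30 days matches certbot's default window
    # Parse first, so a bad file is not mistaken for an expiring certificate.
    openssl x509 -in "$pem" -noout >/dev/null 2>&1 || { echo error; return 0; }
    # -checkend N exits 0 only if the certificate is still valid in N seconds.
    if openssl x509 -in "$pem" -noout -checkend "$(( days * 86400 ))" >/dev/null 2>&1; then
        echo ok
    else
        echo renew
    fi
}

# make_sample_cert OUT DAYS: constructed self-signed certificate for offline
# testing only; it stands in for a real Let's Encrypt certificate.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=example.com" \
        -keyout "$1.key" -out "$1" -days "$2" >/dev/null 2>&1
}

# Usage on the server (certbot's default path for the domain in this guide):
#   renewal_status /etc/letsencrypt/live/example.com/cert.pem
if [ "$#" -ge 1 ]; then
    renewal_status "$@"
fi
```

A result of "renew" that persists across several days means the scheduled renewal is not succeeding and should be investigated before the certificate expires.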

Conclusion

In this guide, you learned how to install the certbot client, obtain a Let’s Encrypt SSL certificate and configure Nginx to use it. At the end of the tutorial, you learned how to set up a cron job for automatic certificate renewal.

To learn more about how to use Certbot, their documentation is a good starting point.
