Setup LetsEncrypt for Nginx using Certbot for Free SSL Certificate

Learn to set up a complete LetsEncrypt on Nginx Server using Certbot program on Ubuntu Cloud VPS for the free SSL certificate that auto-renews before expiry.

Having an SSL certificate on the domain name is really important. Thankfully, we can generate and add a free SSL certificating using LetsEncrypt for Nginx.

The certificate shows the credibility of the website. It also helps in improving search engine ranking as Google has decided it as one of the ranking factors.

In this article, we will be learning how to install and set up Let’s Encrypt for Nginx using the Certbot program. This will help us to enable the security certificate to the domain address and request the secured HTTP request.

If you’re not aware, this is the fifth article and video demo of the #CloudServer series. We have recently published on how to install and configure Postfix with Gmail SMTP relay for SEND-only action.

Let’s dive into the topic with installing and configure Let’s Encrypt with Nginx webserver —

What is Let’s Encrypt?

Per Wikipedia

Let’s Encrypt is a non-profit certificate authority run by Internet Security Research Group that provides X.509 certificates for Transport Layer Security encryption at no charge.

The certificate is valid for 90 days, during which renewal can take place at any time. We can generate the certificate using a program called Certbot which will also help in automatic renewal 30 days before expiration.

The SSL certificate is 100% free and forever!

Pre-requisite for LetsEncrypt Nginx

Before we get started with installing LetsEncrypt, we need to make sure that our Nginx configuration is correctly set. The certbot program directly reads and writes into the Nginx file.

The important set up that we need to make is sure to have server_name is set to the domain name. Since we have set up the LEMP stack to read from Nginx default file, we will verify the same.

Open the Nginx configuration file using nano editor:

sudo nano /etc/nginx/sites-available/default

Check if the server_name is set with your domain address. In my setup, it should be:


server_name setup in nginx for letsencrypt

If you’ve made the changes to reflect server name to your domain address, then test the configuration file using below command:

sudo nginx -t

If everything looks OK, then restart the Nginx using the below command to commit the changes on the server.

sudo service restart nginx

Install Certbot for Let’s Encrypt

Now that we are all good with Nginx, let’s start installing the LetEncrypt certificate on the server. As I mentioned, we will be using the Certbot program to manage the free SSL encryption.

Let’s start off with updating the repository and installing the pre-requisite software.

sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository universe

update apt repository for certbot

Now add the certbot repository path to the apt to fetch and upgrade certbot in the future.

sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update

certbot PPA repository in APT library

Install the certbot program on the Ubuntu cloud using the below command.

sudo apt-get install certbot python-certbot-nginx

Once the installation is completed, run below command to generate the certificate. This will also modify the Nginx blocks configuration file to enable the HTTP to HTTPS redirection along with updating live certificate locations.

sudo certbot – nginx -d -d

In my case, I will be installing a certificate only at

sudo certbot – nginx -d

You’ll be prompted to enter a few details while generating the certificate specific to your domain name.
install and configure certbot for letsencrypt SSL certificate

In the process, you will be also asked how to manage the HTTP traffic and provided with two options.

  1. No redirect – Make no further changes to the webserver configuration.
  2. Redirect – Make all requests redirect to secure HTTPS access.

You should choose the second option to make the website or blog more secured and redirect HTTP traffic to HTTPS in order to avoid the duplicate content issue as HTTP & HTTPS versions.
HTTP to HTTPs redirection using certbot program with free SSL

Test Domain SSL Certificate

Once the certificate is generated successfully, you can test the authenticity and score at Copy and paste the URL in the browser in the below format replacing your domain name.
For at:

For at:

I will be testing the SSL certificate for at the below URL.

The test will take a few minutes to complete. It will check all the parameters and configuration including in Nginx configuration.
SSLLabs Test Report for domain

Do not expect the SSL to be perfect A+ score, we haven’t completely configured the Nginx with additional security setup. We will be covering that in the latter part of the series.

Renew LetsEncrypt Certificate for Nginx

Let’s Encrypt certificate issued for 90 days only. If we do not renew the certificate, it gets expired post 90 days. But thankfully, the certbot program has the ability to automatically renew the SSL certificate 30 days prior to expiration.

You can also check the validity of the certificate by hitting on the padlock on the domain name and select the certificate.
Let's Encrypt SSL Certificate Details

When certbot is being installed, it also adds a rule into CRON jobs to check the certificate validity daily.

We can check whether certificates need renewal by hitting the dry run command.

sudo certbot renew – dry-run

dry run certbot renewal

This command will just stimulate the certificate renewal, however, do not update the existing certificates.

If you want to renew the certificate immediately, you can run the following command without dry run :

sudo certbot renew

You can also view the installed certificates for all the domains on your server using below command:

sudo certbot certificates

Certificate Details installed with Certbot program

This will also display the information about the certificate expiration due date.

Watch how to configure Let’s Encrypt for Nginx

Watch a complete video demo on installing the LetsEncrypt program for Nginx and also test the domain’s SSL certification.

Setup Free SSL Certificate from LetsEncrypt for Nginx using Certbot

I hope you liked the video, please subscribe to our channel for more updates.

What’s next in the #CloudServer series?

I hope this article was helpful, next we are going to cover how to secure our Ubuntu cloud server using Firewall. We will be installing and configure the UFW program for firewall security.

Having a great firewall will protect the server from getting hacked, thanks to an in-build UFW firewall that works great.

If you've any thoughts on Setup LetsEncrypt for Nginx using Certbot for Free SSL Certificate, then feel free to drop in below comment box. If you find this article helpful, please consider sharing it with your network.

Also, please subscribe to our restoreBin YouTube channel for helpful videos.

Disclosure: This page may contain affiliate links, which means we may receive compensation for your purchases using our links; of course at no extra cost to you (indeed, you may get special discounts). This will support our effort to create more useful content, and keep it open and free forever.

Leave a Reply

Your email address will not be published. Required fields are marked *