Having an SSL certificate on the domain name is really important. Thankfully, we can generate and add a free SSL certificate using LetsEncrypt for Nginx.
The certificate shows the credibility of the website. It also helps in improving search engine ranking, as Google has made it one of the ranking factors.
In this article, we will learn how to install and set up Let’s Encrypt for Nginx using the Certbot program. This will let us enable the security certificate on the domain address and serve requests over secured HTTP.
Let’s dive into installing and configuring Let’s Encrypt with the Nginx web server.
What is Let’s Encrypt?
Per Wikipedia –
Let’s Encrypt is a non-profit certificate authority run by Internet Security Research Group that provides X.509 certificates for Transport Layer Security encryption at no charge.
The certificate is valid for 90 days, during which renewal can take place at any time. We can generate the certificate using a program called Certbot which will also help in automatic renewal 30 days before expiration.
The SSL certificate is 100% free and forever!
Pre-requisite for LetsEncrypt Nginx
Before we get started with installing LetsEncrypt, we need to make sure that our Nginx configuration is correctly set. The certbot program directly reads and writes the Nginx configuration file.
The important setting to verify is that server_name is set to the domain name. Since we have set up the LEMP stack to read from the Nginx default file, we will verify it there.
Open the Nginx configuration file using the nano editor:
sudo nano /etc/nginx/sites-available/default
Check if the server_name is set with your domain address. In my setup, it should be:
If you’ve changed server_name to reflect your domain address, test the configuration file using the command below:
sudo nginx -t
If everything looks OK, restart Nginx using the command below to apply the changes on the server.
sudo service nginx restart
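The server_name check described above can be scripted. This is an added example, not code from the original article: the function names are hypothetical and the config is a constructed sample using example.com.

```shell
#!/bin/sh
# Added example (not from the article): confirm a domain is declared in a
# server_name directive before running `certbot --nginx -d <domain>`.

# Constructed sample config; the real file is /etc/nginx/sites-available/default.
write_sample_config() {
    cat > "$1" <<'EOF'
server {
    listen 80 default_server;
    root /var/www/html;
    # server_name _;
    server_name example.com
                www.example.com;
}
EOF
}

# Print every name from every server_name directive, one per line.
# Comments are stripped first; a directive may span lines up to its ';'.
server_names() {
    sed 's/#.*//' "$1" | tr '\n' ' ' | tr ';{}' '\n\n\n' |
        awk '$1 == "server_name" { for (i = 2; i <= NF; i++) print $i }'
}

# Exit status 0 only if the exact domain is declared (no wildcard matching).
has_server_name() {
    server_names "$1" | grep -Fxq -- "$2"
}

# Demo on the constructed sample.
conf=$(mktemp)
write_sample_config "$conf"
for domain in example.com www.example.com demo.example.com; do
    if has_server_name "$conf" "$domain"; then
        echo "ok:      $domain is declared in server_name"
    else
        echo "missing: $domain - add it to server_name before requesting a certificate"
    fi
done
rm -f "$conf"
```

On a real server, point has_server_name at /etc/nginx/sites-available/default and pass each domain you plan to give to certbot with -d.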
Install Certbot for Let’s Encrypt
Now that we are all good with Nginx, let’s start installing the LetsEncrypt certificate on the server. As I mentioned, we will be using the Certbot program to manage the free SSL encryption.
Let’s start off with updating the repository and installing the pre-requisite software.
sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository universe
Now add the certbot repository to apt so that certbot can be fetched and upgraded in the future.
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
Install the certbot program on the Ubuntu cloud server using the command below.
sudo apt-get install certbot python-certbot-nginx
Once the installation is completed, run the command below to generate the certificate. This will also modify the Nginx server block configuration file to enable the HTTP to HTTPS redirection and to point to the live certificate locations.
sudo certbot --nginx -d example.com -d www.example.com
In my case, I will be installing a certificate only at demo.restorebin.com.
sudo certbot --nginx -d demo.restorebin.com
You’ll be prompted to enter a few details specific to your domain name while generating the certificate.
In the process, you will also be asked how to manage the HTTP traffic and given two options.
- No redirect – Make no further changes to the web server configuration.
- Redirect – Make all requests redirect to secure HTTPS access.
You should choose the second option to make the website or blog more secure. Redirecting HTTP traffic to HTTPS also avoids the duplicate content issue of having both HTTP and HTTPS versions.
Test Domain SSL Certificate
Once the certificate is generated successfully, you can test the authenticity and score at SSLLabs.com. Copy and paste the URL into the browser in the format below, replacing the domain name with yours.
For www.example.com at:
For example.com at:
I will be testing the SSL certificate for demo.restorebin.com at the URL below.
The test will take a few minutes to complete. It will check all the parameters and configuration, including the Nginx configuration.
Do not expect a perfect A+ score yet; we haven’t completely configured Nginx with the additional security setup. We will be covering that in a later part of the series.
Renew LetsEncrypt Certificate for Nginx
A Let’s Encrypt certificate is issued for 90 days only. If we do not renew the certificate, it expires after 90 days. But thankfully, the certbot program can automatically renew the SSL certificate 30 days prior to expiration.
You can also check the validity of the certificate by clicking the padlock next to the domain name and selecting the certificate.
When certbot is installed, it also adds a cron job that checks the certificate validity daily.
We can check whether certificates need renewal by running the dry-run command.
sudo certbot renew --dry-run
This command only simulates the certificate renewal; it does not update the existing certificates.
If you want to renew the certificate immediately, you can run the following command without the dry run:
sudo certbot renew
You can also view the installed certificates for all the domains on your server using the command below:
sudo certbot certificates
This will also display each certificate’s expiration date.
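Since certbot renews 30 days before expiration, a certificate with fewer than 30 days left means the automatic renewal is not working. The added example below (not from the original article) flags such certificates from a report in the layout printed by sudo certbot certificates; the function names are hypothetical and the sample report is constructed.

```shell
#!/bin/sh
# Added example (not from the article): flag certificates that certbot
# should already have renewed.

# Constructed sample in the layout printed by `sudo certbot certificates`.
sample_report() {
    cat <<'EOF'
Found the following certs:
  Certificate Name: example.com
    Domains: example.com www.example.com
    Expiry Date: 2030-03-01 10:00:00+00:00 (VALID: 74 days)
    Certificate Path: /etc/letsencrypt/live/example.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/example.com/privkey.pem
  Certificate Name: demo.example.com
    Domains: demo.example.com
    Expiry Date: 2030-01-05 10:00:00+00:00 (VALID: 19 days)
    Certificate Path: /etc/letsencrypt/live/demo.example.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/demo.example.com/privkey.pem
  Certificate Name: old.example.com
    Domains: old.example.com
    Expiry Date: 2029-11-01 10:00:00+00:00 (INVALID: EXPIRED)
    Certificate Path: /etc/letsencrypt/live/old.example.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/old.example.com/privkey.pem
EOF
}

# Read a report on stdin and print "name status" for every certificate with
# fewer than $1 days left (default 30, the renewal window) or marked INVALID.
overdue_certs() {
    awk -v limit="${1:-30}" '
        /Certificate Name:/ { name = $3 }
        /Expiry Date:/ {
            if (match($0, /\(.*\)/) == 0) next
            status = substr($0, RSTART + 1, RLENGTH - 2)  # e.g. "VALID: 74 days"
            split(status, f, /[: ]+/)
            if (f[1] != "VALID") { print name, "INVALID"; next }
            days = (f[3] ~ /^hour/) ? 0 : f[2] + 0        # "N hour(s)" means under a day
            if (days < limit) print name, days "d"
        }'
}

# Demo on the constructed sample. On a server, pipe the real report instead:
#   sudo certbot certificates 2>/dev/null | overdue_certs
sample_report | overdue_certs
```

Any line printed by overdue_certs is a reason to run sudo certbot renew --dry-run and read its error output.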
What’s next in #CloudServer series?
I hope this article was helpful. Next, we are going to cover how to secure our Ubuntu cloud server using a firewall. We will be installing and configuring the UFW program for firewall security.