How to Install and Configure Let's Encrypt SSL on an Ubuntu Server with Nginx
Securing your website with SSL is crucial for ensuring the safety of your users' data and boosting your site's credibility. This guide provides a step-by-step process for installing and configuring Let’s Encrypt SSL on an Ubuntu server using Nginx.
Introduction
SSL certificates are essential for encrypting data between a user's browser and your server. Let’s Encrypt is a popular and free Certificate Authority (CA) that automates the process of obtaining and installing SSL certificates. In this tutorial, we will walk through the installation and configuration of Let’s Encrypt SSL on an Ubuntu server, ensuring your website is secure.
Step 1: Update the Package List and Install Let’s Encrypt
Before installing any new software, it's important to update your server's package list to ensure you are installing the latest versions.
$ sudo apt update
Install Required Software Packages
Next, install the software properties package and add the Certbot repository:
$ sudo apt install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt update
Now, install Let’s Encrypt on your server:
$ sudo apt install letsencrypt
This command installs the letsencrypt transitional (dummy) package, which pulls in Certbot and the other utilities necessary for SSL installation.
Step 2: Configure Nginx for Let’s Encrypt SSL
To handle SSL certificate requests efficiently, we need to configure Nginx. In this example, we'll use the domain ssl.itsyndicate.org, but be sure to replace it with your actual domain name.
Nginx Configuration for SSL
Create a basic Nginx configuration to handle non-SSL requests:
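server {
    listen 80 default_server;
    server_name _;

    # Serve ACME HTTP-01 challenge files from the dedicated webroot.
    location ~ /\.well-known/acme-challenge/ {
        allow all;
        root /var/www/letsencrypt;
        # Return 404 for anything that is not an existing challenge file.
        try_files $uri =404;
        break;
    }
}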
This configuration captures all requests to the /.well-known/acme-challenge/ directory, which is where Let’s Encrypt verifies domain ownership. To prepare for this, create the necessary directory:
$ sudo mkdir -p /var/www/letsencrypt
Test Nginx Configuration
Before applying the changes, it's crucial to check for syntax errors:
$ sudo nginx -t
If the configuration test is successful, reload Nginx to apply the changes:
$ sudo service nginx reload
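Before requesting the certificate, it is worth confirming that Nginx really serves files written to the webroot, since a wrong root or location block makes validation fail. The script below is an added example, not part of the original guide; the probe file name and the fetch helper are assumptions for illustration, and it expects curl to be installed.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check for the webroot challenge path.
# Usage: sudo ./preflight.sh /var/www/letsencrypt your_domain.com
# (the script name and the "preflight-" probe prefix are hypothetical)

CHALLENGE_DIR=".well-known/acme-challenge"

# Write a random probe file under <webroot>/.well-known/acme-challenge/
# and print its name. The file content is the name itself.
write_probe() {
    local webroot="$1"
    local token
    token="preflight-$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')"
    mkdir -p "$webroot/$CHALLENGE_DIR" || return 1
    printf '%s' "$token" > "$webroot/$CHALLENGE_DIR/$token" || return 1
    printf '%s\n' "$token"
}

# Build the plain-HTTP URL a validation server would request.
probe_url() {
    printf 'http://%s/%s/%s\n' "$1" "$CHALLENGE_DIR" "$2"
}

# Fetch a URL; -f turns HTTP errors (404, 403) into a non-zero exit.
fetch() {
    curl -fsS --max-time 10 "$1"
}

# Return 0 only if the domain serves the probe file byte for byte.
verify_webroot() {
    local webroot="$1" domain="$2"
    local token body rc=1
    token=$(write_probe "$webroot") || return 2
    body=$(fetch "$(probe_url "$domain" "$token")") && [ "$body" = "$token" ] && rc=0
    rm -f "$webroot/$CHALLENGE_DIR/$token"   # always remove the probe
    return "$rc"
}

if [ "$#" -eq 2 ]; then
    if verify_webroot "$1" "$2"; then
        echo "OK: $2 serves challenge files from $1"
    else
        echo "FAIL: $2 does not serve files written to $1/$CHALLENGE_DIR" >&2
        exit 1
    fi
fi
```

A pass when run on the server itself shows that DNS and the Nginx location block line up, but it does not prove that port 80 is reachable from the internet, so check the firewall separately.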
Step 3: Request a Let’s Encrypt SSL Certificate
Now that Nginx is configured, you can request your SSL certificate from Let’s Encrypt:
$ sudo letsencrypt certonly -a webroot --webroot-path=/var/www/letsencrypt -m your_mail@example.com --agree-tos -d your_domain.com
Command Options Explained
- --webroot-path=/var/www/letsencrypt: Specifies the directory where Certbot writes the challenge files that Nginx serves from /.well-known/acme-challenge/.
- -m your_mail@example.com: Sets your email address for renewal notifications.
- --agree-tos: Automatically agrees to the Terms of Service.
- -d your_domain.com: Specifies the domain for which to issue the SSL certificate.
Upon successful execution, you should receive a confirmation message, including details about where the certificate and key files are stored.
Step 4: Configure Nginx to Serve HTTPS
With the SSL certificate installed, you need to configure Nginx to serve HTTPS traffic.
Nginx vHost Configuration
Edit your Nginx server block to include the SSL certificate paths:
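server {
    server_name your_domain.com;
    # The "ssl" parameter on listen enables TLS for this server block.
    # The separate "ssl on;" directive is deprecated and rejected by
    # current Nginx releases, so it is not used here.
    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/your_domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/your_domain.com/privkey.pem;
    root /var/www/html/;
    index index.php index.html index.htm;

    # Keep serving challenge files from the Let's Encrypt webroot.
    location ~ /.well-known {
        root /var/www/letsencrypt;
        allow all;
    }
}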
Test and Reload Nginx
Once the configuration is complete, test and reload Nginx:
$ sudo nginx -t
$ sudo service nginx reload
Step 5: Set Up Auto-Renewal for Let’s Encrypt SSL
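I use the same file, '/etc/cron.daily/letsencrypt', but with different content:
#!/bin/bash
# Renew certificates that are due and reload Nginx after a renewal.
# The file must be executable, otherwise cron's run-parts skips it.
/usr/bin/letsencrypt renew --renew-hook "/etc/init.d/nginx reload"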
Step 6: Test Your SSL Configuration
After configuring everything, it's time to test your SSL setup. There are several ways to do this; two common methods include using curl and checking via a web browser.
Testing with curl
Use the following command to test your SSL certificate:
$ curl -vI https://your_domain.com
Check SSL in Browser
Alternatively, open your website in Google Chrome and inspect the SSL certificate through the developer tools under the "Security" tab.
Conclusion
By following these steps, you've successfully installed and configured a Let’s Encrypt SSL certificate on your Ubuntu server with Nginx. This ensures that your website is secure, providing peace of mind to your users and improving your site's credibility. Regularly testing your SSL configuration and setting up auto-renewal will keep your website secure without needing constant manual intervention.