How to Secure Nginx with Let’s Encrypt on Ubuntu 20.04


In this article, we explain the necessary steps to secure Nginx with Let’s Encrypt on Ubuntu 20.04 LTS. Before continuing with this tutorial, make sure you are logged in as a user with sudo privileges. All the commands in this tutorial should be run as a non-root user.

Let’s Encrypt is a free, automated, and open certificate authority developed by the Internet Security Research Group (ISRG) that provides free SSL certificates. Let’s Encrypt uses client software (certbot) that automates the process of certificate creation, validation, signing, implementation, and renewal of certificates.

Secure Nginx with Let’s Encrypt on Ubuntu 20.04

Step 1. First, before you start installing any package on your Ubuntu server, we always recommend making sure that all system packages are updated.

Note: Before installing the Let’s Encrypt SSL certificate, the domain should be reachable and served by an Nginx virtual host. Read the tutorial on how to install Nginx on Ubuntu.

Step 2. Install Certbot.

Certbot is a fully-featured and easy-to-use tool that automates the tasks for obtaining and renewing Let’s Encrypt SSL certificates and configuring web servers to use the certificates. To install it, run the following commands:

After that, generate a new set of 2048-bit DH parameters by typing the following command:

The Let’s Encrypt server makes HTTP requests for a temporary file to verify that the requested domain resolves to the server where certbot runs. To keep this simple, we’re going to map all HTTP requests for .well-known/acme-challenge to a single directory, /var/lib/letsencrypt:

Then, create the following two snippets which will be included in all Nginx server block files:

Next, create the second snippet, ssl.conf:

Next, open the domain server block file and include the letsencrypt.conf:

Don’t forget to create a symbolic link from the file to the sites-enabled directory:

Once done, run Certbot with the webroot plugin and obtain the SSL certificate files by issuing:

Finally, edit your domain server block as follows:

Reload the Nginx service for changes to take effect:

Step 3. Checking your Certificate Status.

You can ensure that Certbot created your SSL certificate correctly by using the SSL Server Test from the cloud security company Qualys. Open the following link in your preferred web browser, replacing with your base domain:

Step 4. Renew Let’s Encrypt SSL Certificate

And finally, test automatic renewal:
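The challenge mapping, webroot issuance and renewal test from Steps 2 and 4, assembled into one script as an added example (not the article's original commands). It assumes the placeholder names example.com and admin@example.com, that Nginx runs as www-data with snippets under /etc/nginx/snippets, and that the server block already includes snippets/letsencrypt.conf; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not the article's original commands.
# Assumptions: example.com and admin@example.com are placeholders, Nginx runs
# as www-data, and the server block already has
#   include snippets/letsencrypt.conf;
set -eu

WEBROOT=/var/lib/letsencrypt      # challenge directory named in the article
SNIPPET_DIR=/etc/nginx/snippets   # assumed snippet location

# Write letsencrypt.conf: serve only ACME challenge files from $WEBROOT.
write_acme_snippet() {
  mkdir -p "$1"
  cat > "$1/letsencrypt.conf" <<EOF
location ^~ /.well-known/acme-challenge/ {
    root $WEBROOT;
    default_type "text/plain";
    try_files \$uri =404;  # unknown tokens get 404, never the application
}
EOF
}

# Build certbot's webroot-plugin arguments: one -d per hostname.
certbot_args() {
  _email=$1; shift
  _args="certonly --webroot -w $WEBROOT --agree-tos --email $_email"
  for _d in "$@"; do _args="$_args -d $_d"; done
  printf '%s\n' "$_args"
}

# Run the procedure end to end (needs root): apply EMAIL DOMAIN...
apply() {
  _mail=$1; shift
  mkdir -p "$WEBROOT/.well-known/acme-challenge"
  chgrp www-data "$WEBROOT"; chmod g+s "$WEBROOT"  # let Nginx read new files
  write_acme_snippet "$SNIPPET_DIR"
  nginx -t                    # refuse to reload a broken configuration
  systemctl reload nginx      # challenge location must be live before issuance
  # Word splitting of the argument string is intended here.
  certbot $(certbot_args "$_mail" "$@")
  certbot renew --dry-run     # confirm renewal works before relying on it
}

if [ "${1:-}" = "--apply" ]; then shift; apply "$@"; fi
```

Run it as root with `--apply admin@example.com example.com www.example.com`; without `--apply` it only defines the functions.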

That’s all you need to do to install SSL Let’s Encrypt with Nginx on Ubuntu 20.04 Focal Fossa. I hope you find this quick tip helpful. If you have questions or suggestions, feel free to leave a comment below.