Install Let's Encrypt SSL Certificate with Nginx on Ubuntu 22.04
Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public's benefit.
To set up Let's Encrypt with Nginx, you will need the prerequisites below.
Prerequisites
- Ubuntu 22.04 installed, with root access to the system.
- Domain name with an A record pointing to your server's IP address.
Update the System
Before we begin installing additional packages, we will update the system to the latest packages:
apt dist-upgrade
Install Snapd
Install the snapd package using the command below:
apt install snapd
Update snap with the commands below:
snap install core; snap refresh core
Install Nginx
apt install nginx
Now start Nginx and enable it to start at boot with the following commands:
systemctl start nginx
systemctl enable nginx
Installing Certbot
Run the following command to install Certbot for use with Nginx:
snap install --classic certbot
Execute the following command to ensure that the certbot command can be run.
ln -s /snap/bin/certbot /usr/bin/certbot
Set up an Nginx vHost for the SSL Certificate
Confirm that the virtual host for your domain is set up and working.
Open the virtual host file:
nano /etc/nginx/conf.d/example.com.conf
Replace example.com with your actual domain name, both in the configuration and in the configuration file name.
The web root path is where the application or site resides and can be updated accordingly.
Configuration:
server {
    listen 80;
    listen [::]:80;
    root /var/www/example.com/public_html;
    index index.html;
    server_name example.com www.example.com;
    access_log /var/log/nginx/example.com.access.log;
    error_log /var/log/nginx/example.com.error.log;
    location / {
        try_files $uri $uri/ =404;
    }
}
If an error occurs, check for any typos or missing characters. Once the syntax is correct, reload Nginx to load the new configuration.
systemctl reload nginx
Set up SSL Certificate
Run this command to get a certificate and have Certbot edit your Nginx configuration automatically to serve it, turning on HTTPS access in a single step.
certbot --nginx -d example.com -d www.example.com
You will have to accept the terms of service.
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/example.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/example.com/privkey.pem
Your cert will expire on 2020-09-05. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
You will receive this acknowledgement that the SSL certificates for example.com and www.example.com were issued successfully.
You can now open your website using https:// and verify that the connection is secure by the lock icon in the URL bar.
To check that you have a top-of-the-line installation, navigate to https://www.ssllabs.com/ssltest/.
Certbot Auto-Renewal
certbot renew
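A renewal that fails silently only shows up when the certificate expires, so it helps to check the remaining lifetime of the file Certbot saved. The script below is an added example, not part of the original tutorial; the function names and the 20-day alert threshold are assumptions, and it relies on GNU date as shipped with Ubuntu.

```bash
#!/usr/bin/env bash
# Added example: report whether a certificate is close to expiry,
# which indicates that automatic renewal has not been working.

# Assumption: alert when fewer than 20 days of validity remain.
WARN_DAYS=20

# seconds_left "<notAfter=... line from openssl>" [now_epoch]
# Prints the number of seconds until the certificate expires.
seconds_left() {
    local enddate now end
    enddate="${1#notAfter=}"            # strip the "notAfter=" prefix
    now="${2:-$(date -u +%s)}"          # allow a fixed "now" for testing
    end=$(date -u -d "$enddate" +%s) || return 2
    echo $(( end - now ))
}

# renewal_state <seconds_left>
# Prints EXPIRED, RENEWAL_OVERDUE or OK.
renewal_state() {
    if [ "$1" -le 0 ]; then
        echo EXPIRED
    elif [ "$1" -lt $(( WARN_DAYS * 86400 )) ]; then
        echo RENEWAL_OVERDUE
    else
        echo OK
    fi
}

# check_cert <path to certificate, e.g. the fullchain.pem path Certbot printed>
# Prints "<state> <whole days left>"; returns 2 if the file cannot be read.
check_cert() {
    local line secs
    line=$(openssl x509 -enddate -noout -in "$1") || { echo UNREADABLE; return 2; }
    secs=$(seconds_left "$line") || return 2
    echo "$(renewal_state "$secs") $(( secs / 86400 ))"
}

# When a certificate path is given as an argument, check it.
if [ -n "${1:-}" ]; then
    check_cert "$1"
fi
```

Run it with the certificate path as its argument, for example /etc/letsencrypt/live/example.com/fullchain.pem, from a daily cron job or monitoring agent.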
This concludes setting up and configuring Let's Encrypt for Nginx on Ubuntu 22.04.