Install Let's Encrypt SSL Certificate with Nginx on Ubuntu 22.04

Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public's benefit.

To setup Let's Encrypt with Nginx, you will need the below prerequisites.

Prerequisites

To setup Let's Encrypt with Nginx, you will need the below prerequisites.

  • Ubuntu 22.04 installed and having root access to the system.
  • Domain name with A record pointing to your server's IP address.

Update the System

Before we begin with installating additional packages, we will update the system to latest,

apt dist-upgrade

Install Snapd

Install the snapd package using the below command

apt install snapd

Update the Snap with below commands,

snap install core; snap refresh core

Install Nginx

apt install nginx

Now, restart & check the nginx with the following commands:

systemctl start nginx
systemctl enable nginx

Installing Certbot

Run the command to install certbot specific to Nginx

snap install --classic certbot

Execute the following command to ensure that the certbot command can be run.

ln -s /snap/bin/certbot /usr/bin/certbot

Set up a Nginx vHost for the SSL Certificate

Confirm that the Virtual host for your domain is set up and working.

Open the virtual file:

nano /etc/nginx/conf.d/example.com.conf

Replace the example.com with your actual domain name in the configuration and the configuration file name.

The web root path is where the application or site resides and can be updated accordingly.

Output:

server {
    listen 80;
    listen [::]:80;

    root /var/www/example.com/public_html;

    index index.html;

    server_name example.com www.example.com;

    access_log /var/log/nginx/example.com.access.log;
    error_log /var/log/nginx/example.com.error.log;

    location / {
        try_files $uri $uri/ =404;
    }
}

If an error occurs, check for any typos or missing characters and once the syntax is correct, reload the Nginx to load new configuration.

systemctl reload nginx

Set up SSL Certificate

Run this command to get a certificate and have Certbot edit your Nginx configuration automatically to serve it, turning on HTTPS access in a single step.

certbot --nginx -d example.com -d www.example.com

You will have to accept the terms of service.

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/example.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/example.com/privkey.pem
   Your cert will expire on 2020-09-05. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

You will receive this acknowledgement that the SSL certificate for example.com and www.example.com are successfull.

You can now verify your website using https:// that the connection is secure with the lock icon in the usrl bar.

To check that you have top-of-the-line installation, navigate to https://www.ssllabs.com/ssltest/.

Certbot Auto-Renewal

certbot renew

This concludes setting up and configuring Let's Encrypt for Nginx on Ubuntu 22.04.