How To Secure Nginx with Let’s Encrypt on Ubuntu 20.04

Step 1 – Install Certbot

root@testserver:~# apt install certbot python3-certbot-nginx

Certbot is now ready to use, but it needs to find the correct server block in your Nginx configuration before it can set up SSL for Nginx.

First, confirm that the server block exists in your Nginx configuration:

root@testserver:~# cat /etc/nginx/sites-available/testdomain.com

You should have a block with the details below (note that the domain shown needs to be your actual domain name, testdomain.com in this guide):

server_name example.com www.example.com;

If the block exists, you can proceed with the next step below; otherwise, first follow the steps to configure LEMP on Ubuntu 20.04.

Step 3 – Allow HTTPS through the UFW firewall. Check the current status using the command below:

root@testserver:~# ufw status

We need to allow the Nginx Full profile to let in HTTPS traffic, then delete the redundant Nginx HTTP profile allowance:

root@testserver:~# ufw allow 'Nginx Full'
root@testserver:~# ufw delete allow 'Nginx HTTP'

Confirm the status again with "ufw status"; the final output should be:

Output
Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
Nginx Full                 ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
Nginx Full (v6)            ALLOW       Anywhere (v6)
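
The check above can be automated. The following is an added example, not part of the original guide: the function name audit_ufw_status and the SAMPLE_BEFORE text are constructed for illustration, and it assumes the OpenSSH and Nginx profiles shown in the expected output.

```shell
#!/bin/sh
# Added example: audit `ufw status` text read from stdin against this guide.
# Prints one finding per line and returns 0 only when there are none.
audit_ufw_status() {
    awk '
    function finding(msg) { print msg; bad++ }
    function check(fam) {
        if (rule["Nginx Full", fam] !~ /^ALLOW/)
            finding("Nginx Full is not allowed from Anywhere (" fam ")")
        if (rule["OpenSSH", fam] !~ /^ALLOW/)
            finding("OpenSSH is not allowed from Anywhere (" fam "), lockout risk")
        if (rule["Nginx HTTP", fam] != "")
            finding("redundant Nginx HTTP rule still present (" fam ")")
    }
    /^Status:/ { active = ($2 == "active") }
    # Rule rows look like: "Nginx Full (v6)   ALLOW   Anywhere (v6)"
    match($0, /  +(ALLOW|DENY|REJECT|LIMIT)( IN| OUT)?  +/) {
        name = substr($0, 1, RSTART - 1)
        action = substr($0, RSTART, RLENGTH)
        from = substr($0, RSTART + RLENGTH)
        gsub(/^ +| +$/, "", action); sub(/^ +/, "", from)
        fam = "v4"
        if (sub(/ \(v6\)$/, "", name)) { fam = "v6"; has_v6 = 1 }
        # Only rules open to any source are recorded; restricted ones are ignored.
        if (from ~ /^Anywhere/) rule[name, fam] = action
    }
    END {
        if (!active) finding("ufw is not active")
        check("v4")
        if (has_v6) check("v6")  # (v6) rows appear only when ufw handles IPv6
        exit (bad > 0)
    }'
}

# Constructed sample: rules before the two ufw commands in this guide were run.
SAMPLE_BEFORE='Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
Nginx HTTP                 ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
Nginx HTTP (v6)            ALLOW       Anywhere (v6)'

printf '%s\n' "$SAMPLE_BEFORE" | audit_ufw_status || echo "firewall needs attention"
```

On the server, run it as: ufw status | audit_ufw_status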

Now, let’s run the certbot command to obtain the SSL certificate:

root@testserver:~# certbot --nginx -d testdomain.com -d www.testdomain.com

If you are using Certbot for the first time, you will be asked to enter your email address and accept the terms of service. Certbot will then connect to the Let’s Encrypt server and run a challenge to verify that you control the domain for which you are requesting a certificate.

If successful, you will see the output below:


IMPORTANT NOTES:
 Congratulations! You have successfully enabled https://testdomain.com and
https://www.testdomain.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=testdomain.com
https://www.ssllabs.com/ssltest/analyze.html?d=www.testdomain.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/testdomain.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/testdomain.com/privkey.pem
   Your cert will expire on 2023-11-20. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Congratulations, you have successfully installed the SSL certificate. Reload your webpage with the https:// protocol and examine your browser’s security indicator. It should display a lock icon, indicating that the website is properly secured.
