How To Secure Nginx with Let’s Encrypt on Ubuntu 20.04

Step 1 – Install Certbot

root@testserver:~# apt install certbot python3-certbot-nginx

Certbot is now ready to use, but some configuration needs to be confirmed before it can be set up for Nginx.

First, confirm that the server block exists in your Nginx configuration:

root@testserver:~# cat /etc/nginx/sites-available/

You should have a block with the details below (note that the test needs to be your actual domain name):


If the block exists, you can proceed with the next step below; otherwise, first follow the steps to configure LEMP on Ubuntu 20.04.

Step 3 – Allow HTTPS through the UFW firewall. Check the current status using the command below:

root@testserver:~# ufw status

We need to allow the 'Nginx Full' profile to let in HTTPS traffic, and then delete the now-redundant 'Nginx HTTP' rule:

root@testserver:~# ufw allow 'Nginx Full'
root@testserver:~# ufw delete allow 'Nginx HTTP'

Confirm the status again with "ufw status"; the final output should be:

Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
Nginx Full                 ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
Nginx Full (v6)            ALLOW       Anywhere (v6)
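
To compare a server against the final output above without reading it by eye, the following added example (not part of the original article) parses `ufw status` text and reports any deviation. The function names and the second, constructed sample are assumptions made for illustration, and rules are matched by the profile names used in this guide.

```shell
# Added example: audit `ufw status` text (stdin) against the rule set this
# guide ends with. Prints one finding per line; exit status 0 = no findings.
audit_ufw_status() {
    awk '
        /^Status:/ { active = ($2 == "active") }
        # Rule rows look like "<name>   ALLOW   <source>"; names can contain spaces.
        /[ \t]+ALLOW/ {
            name = $0
            sub(/[ \t]+ALLOW.*$/, "", name)
            sub(/^[ \t]+/, "", name)
            allowed[name] = 1
        }
        END {
            n = 0
            if (!active) { print "FINDING: ufw is not active"; n++ }
            if (!("OpenSSH" in allowed)) { print "FINDING: OpenSSH is not allowed"; n++ }
            if (!("Nginx Full" in allowed)) { print "FINDING: Nginx Full is not allowed"; n++ }
            if ("Nginx HTTP" in allowed) { print "FINDING: leftover Nginx HTTP rule, delete it"; n++ }
            exit (n > 0)
        }
    '
}

# The final output shown in the guide.
guide_final_status() {
    cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
Nginx Full                 ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
Nginx Full (v6)            ALLOW       Anywhere (v6)
EOF
}

# Constructed sample: the state before this step, with only HTTP allowed.
http_only_status() {
    cat <<'EOF'
Status: active
To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
Nginx HTTP                 ALLOW       Anywhere
EOF
}
# On the server itself, run: ufw status | audit_ufw_status
guide_final_status | audit_ufw_status && echo "guide output: no findings"
```
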

Now, let’s run the certbot command to obtain the SSL certificate:

root@testserver:~# certbot --nginx -d -d

If you are using Certbot for the first time, you will be asked to enter your email address and accept the terms of service. Certbot will then connect to the Let’s Encrypt server and run a challenge to verify that you control the domain for which you are requesting a certificate.

If successful, you will see the output below:

 Congratulations! You have successfully enabled and

You should test your configuration at:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 - Congratulations! Your certificate and chain have been saved at:
   Your key file has been saved at:
   Your cert will expire on 2023-11-20. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:
   Donating to EFF:          

Congratulations, you have successfully installed the SSL certificate. Reload your webpage using the https:// protocol and examine your browser’s security indicator. It should display a lock icon, indicating that the website is properly secured.
