Secure Nginx with Let’s Encrypt on Ubuntu 20.04

In this article, we want to teach you How To Secure Nginx with Let’s Encrypt on Ubuntu 20.04. Let’s Encrypt is a Certificate Authority (CA) that provides an easy way to obtain and install free TLS/SSL certificates, thereby enabling encrypted HTTPS on web servers.

You can now proceed to the guide steps below provided on the Orcacore website to start securing your Nginx by generating SSL certificates from Let’s Encrypt.

How To Secure Nginx with Let’s Encrypt on Ubuntu 20.04?

Before you start to secure your Nginx, you need to meet some requirements.

You need to log in to your server as a non-root user with sudo privileges and set up a basic firewall. To do this, you can follow our article on the Initial Server Setup with Ubuntu 20.04.

Also, you need to have Nginx installed on your server and set up its server block. For this, you can check How To Install Nginx on Ubuntu 20.04.

And you need to have a fully registered domain name that points to your server IP address.

Now, follow the steps below to Secure Nginx with Let’s Encrypt.

1. Install Certbot on Ubuntu 20.04

Here you need to install certbot and its Nginx plugin with the following command:

sudo apt install certbot python3-certbot-nginx -y

Then, you should check the Nginx configuration file on Ubuntu 20.04 and check that the server name points to your domain name. Open the file with your favorite text editor, here we use vi:

sudo vi /etc/nginx/sites-available/example.com

Remember to replace your domain name in the commands.

Find the server_name line, and it should look like this:

...
server_name example.com www.example.com;
...

When you are done, save and close the file.

Verify your Nginx configuration edits on Ubuntu 20.04 with the following command:

sudo nginx -t

In your output, you will see:

Output
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Then, reload Nginx to apply the new changes:

sudo systemctl reload nginx

2. Configure Firewall Settings

At this point, you should allow HTTPS through the firewall to secure your Nginx on Ubuntu 20.04. First, check your firewall status with the following command:

sudo ufw status

In your output, you will see:

Output
Status: active
To                         Action      From
--                         ------      ----
Nginx HTTP                 ALLOW       Anywhere
OpenSSH                    ALLOW       Anywhere
Nginx HTTP (v6)            ALLOW       Anywhere (v6)
OpenSSH (v6)               ALLOW       Anywhere (v6)

You should allow Nginx Full through the firewall and delete the Nginx HTTP with the following commands on Ubuntu 20.04:

$ sudo ufw allow 'Nginx Full'
$ sudo ufw delete allow 'Nginx HTTP'

Now you can start to run certbot and get your SSL certificate.

3. Get an SSL certificate with Let’s Encrypt on Ubuntu 20.04

Certbot provides different ways to get SSL certificates through plugins. The Nginx plugin will take care of reconfiguring Nginx and reloading the config whenever necessary on Ubuntu 20.04. To use this plugin, run the following command:

sudo certbot --nginx -d example.com 

The above command will be used for a single domain. If you have multiple domains, you can use the following command:

sudo certbot --nginx -d example.com -d www.example.com

You will be asked some questions. The first is to enter your email address and agree to the terms of service. Then, you will be asked Would you be willing to share your email address with the Electronic Frontier Foundation. Answer it at your choice. Also, certbot will ask you how you’d like to configure your HTTPS settings. Select your choice and hit Enter.

In your output, you will see:

Get an SSL certificate with Let's Encrypt on Ubuntu 20.04

Here, your SSL certificates are downloaded, installed, and loaded. Your Nginx is secured with Let’s Encrypt on Ubuntu 20.04. Now you can load your website by https:// and notice your browser’s security indicator.

Also, you can use the SSL Labs Server Test to get an A grade.

4. Renew SSL Certificates From Let’s Encrypt

As you know, Let’s Encrypt certificates are valid for 90 days. Because of this, you can renew your process. The certbot package takes care of this for us by adding a systemd timer that will run twice a day and automatically renew any certificate that’s within thirty days of expiration. You can query the status of the timer with the following command:

sudo systemctl status certbot.timer
certbot timer

Now you can test the renewal process with certbot:

sudo certbot renew --dry-run

If you don’t see any errors, it means that everything is ok.

Conclusion

At this point, you have learned to secure Nginx with Let’s Encrypt on Ubuntu 20.04. With the help of Certbot, the setup process is straightforward, automated, and completely free. Once configured, HTTPS ensures encrypted communication, improved SEO, and trustworthiness for your site. Regular automatic renewals also mean minimal maintenance. In short, it’s a fast, reliable, and secure solution for modern web hosting.

Hope you enjoy it. You may also like to read the following articles:

Install PHP 8.2 on Ubuntu 20.04

Install Python 3.11 on Ubuntu 20.04

Install GitLab on Ubuntu 20.04

Setting up Netdata on Ubuntu 20.04

Share your love

Newsletter Updates

Enter your email address below and subscribe to our newsletter

Stay informed and not overwhelmed, subscribe now!