Comprehensive Guide to Nginx with SSL Certificates Using Let's Encrypt

Table of Contents

  1. Introduction
  2. Prerequisites
  3. Install Nginx
  4. Configure Nginx
  5. Install Certbot for Let's Encrypt
  6. Obtain SSL Certificates
  7. Configure Nginx for SSL
  8. Renewing SSL Certificates
  9. Example Nginx Configuration
  10. Useful Commands
  11. Conclusion

Introduction

Nginx is a powerful web server that can also function as a reverse proxy, load balancer, and HTTP cache. Adding SSL certificates from Let's Encrypt enhances the security of your server by encrypting traffic between the server and clients.

Prerequisites

  • A server running Ubuntu or a similar Linux distribution
  • A domain name pointed to your server's IP address
  • Access to the server via SSH with sudo privileges

Install Nginx

First, ensure your package list is up to date and then install Nginx.

sudo apt update
sudo apt install nginx -y

After installation, start and enable Nginx.

sudo systemctl start nginx
sudo systemctl enable nginx

Configure Nginx

Create a basic configuration for your site.

sudo nano /etc/nginx/sites-available/example.com

Add the following content:

server {
    listen 80;
    server_name example.com www.example.com;
 
    root /var/www/example.com/html;
    index index.html index.htm;
 
    location / {
        try_files $uri $uri/ =404;
    }
}

Create the root directory for your site and link the configuration file to the sites-enabled directory.

sudo mkdir -p /var/www/example.com/html
sudo chown -R $USER:$USER /var/www/example.com/html
sudo chmod -R 755 /var/www/example.com
 
sudo ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl restart nginx

Install Certbot for Let's Encrypt

Certbot is a client that automates the process of obtaining and renewing SSL certificates from Let's Encrypt.

sudo apt install certbot python3-certbot-nginx -y

Obtain SSL Certificates

Run the following command to obtain an SSL certificate:

sudo certbot --nginx -d example.com -d www.example.com

Follow the prompts to complete the installation. Certbot will automatically edit your Nginx configuration to use the obtained certificate.

Configure Nginx for SSL

Ensure that your Nginx configuration uses the SSL certificates provided by Let's Encrypt.

sudo nano /etc/nginx/sites-available/example.com

Your configuration should look like this:

server {
    listen 80;
    server_name example.com www.example.com;
    return 301 https://$host$request_uri;
}
 
server {
    listen 443 ssl;
    server_name example.com www.example.com;
 
    root /var/www/example.com/html;
    index index.html index.htm;
 
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
 
    location / {
        try_files $uri $uri/ =404;
    }
}

Renewing SSL Certificates

Let's Encrypt certificates are valid for 90 days. Certbot provides a renewal mechanism. Test the renewal process with:

sudo certbot renew --dry-run

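A cron job should be set up by default to handle renewals. You can verify this by checking the /etc/cron.d directory. On systemd-based Ubuntu systems the certbot package also installs a certbot.timer unit, and the cron entry defers to that timer.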

Example Nginx Configuration

Here is a more detailed example of an Nginx configuration with SSL.

server {
    listen 80;
    server_name example.com www.example.com;
    return 301 https://$host$request_uri;
}
 
server {
    listen 443 ssl http2;
    server_name example.com www.example.com;
 
    root /var/www/example.com/html;
    index index.html index.htm;
 
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
 
    location / {
        try_files $uri $uri/ =404;
    }
 
    location ~ /\.ht {
        deny all;
    }
}
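
A static check for the two-block HTTPS layout shown in the configurations above, added here as an illustration (it is not part of the original guide or of Certbot). It flags a plain-HTTP server block that does not redirect to HTTPS and a TLS block whose certificate and key are not the fullchain.pem/privkey.pem pair of one /etc/letsencrypt/live/ lineage; the function names, the minimal parser (no quoted strings, includes are not followed) and the sample input are assumptions.

```python
import re

# Constructed sample: this guide's site with two deliberate mistakes (no redirect, cert.pem).
BAD_CONF = """
server { listen 80; server_name example.com; root /var/www/example.com/html; }
server {
    listen 443 ssl; server_name example.com;
    ssl_certificate /etc/letsencrypt/live/example.com/cert.pem;  # leaf only, no chain
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    location / { try_files $uri $uri/ =404; }
}
"""
LIVE = re.compile(r"^/etc/letsencrypt/live/([^/]+)/(\w+\.pem)$")

def server_blocks(conf):
    """Yield {directive: [args of all occurrences]} for each server block's top level."""
    conf = re.sub(r"#[^\n]*", "", conf)             # strip comments
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i, top = 1, m.end(), ""
        while depth and i < len(conf):
            c, i = conf[i], i + 1
            if c == "{":
                depth, top = depth + 1, top + ";"   # ends a "location ..." header
            elif c == "}":
                depth -= 1
            elif depth == 1:
                top += c                            # keep server-level text only
        block = {}
        for words in filter(None, (s.split() for s in top.split(";"))):
            block.setdefault(words[0], []).extend(words[1:])
        yield block

def audit(conf):
    """Return findings for server blocks that deviate from this guide's layout."""
    out = []
    for b in server_blocks(conf):
        arg = lambda d: (b.get(d) or [""])[0]       # first argument or ""
        name = arg("server_name") or "(unnamed)"
        if "ssl" in b.get("listen", []):
            cert, key = LIVE.match(arg("ssl_certificate")), LIVE.match(arg("ssl_certificate_key"))
            if not cert or cert.group(2) != "fullchain.pem":
                out.append(f"{name}: ssl_certificate should be live/<name>/fullchain.pem")
            if not key or key.group(2) != "privkey.pem" or (cert and cert.group(1) != key.group(1)):
                out.append(f"{name}: ssl_certificate_key is not privkey.pem of the same lineage")
        elif not re.match(r"30[18] https://", " ".join(b.get("return", []))):
            out.append(f"{name}: plain-HTTP block does not redirect to HTTPS")
    return out

if __name__ == "__main__":
    print("\n".join(audit(BAD_CONF)))
```

To audit the configuration as Nginx actually loads it, pass the text printed by sudo nginx -T to audit(), since that output already has every included file expanded.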

Useful Commands

Here are some useful commands for managing Nginx and SSL certificates:

Nginx Commands

  • Test Configuration: sudo nginx -t
  • Restart Nginx: sudo systemctl restart nginx
  • Start Nginx: sudo systemctl start nginx
  • Stop Nginx: sudo systemctl stop nginx

Certbot Commands

  • Obtain Certificate: sudo certbot --nginx -d example.com -d www.example.com
  • Renew Certificate: sudo certbot renew
  • Renew Certificate (Dry Run): sudo certbot renew --dry-run

Conclusion

By following this guide, you have set up Nginx on your server with SSL certificates from Let's Encrypt. This setup ensures that your website traffic is encrypted and secure. Regularly renewing your SSL certificates is crucial to maintain this security.

