Securing Nginx with Let’s Encrypt on Ubuntu 20.04

This guide outlines the steps to enhance the security of your Nginx web server on an Ubuntu 20.04 system by implementing a free SSL/TLS certificate from Let’s Encrypt. By securing your site with HTTPS, you protect data in transit and boost user trust.

Prerequisites

Before proceeding, ensure the following are in place:

  • An Ubuntu 20.04 server configured with a non-root user with sudo privileges.
  • Nginx installed and actively serving a website.
  • A registered domain name pointed to your server’s public IP address.
  • A basic understanding of command-line operations.

Step 1: Installing Certbot and Its Nginx Plugin

Certbot automates the process of obtaining and renewing Let’s Encrypt certificates. Install it along with the Nginx plugin.

  1. Update the package list:
    sudo apt update
  2. Install Certbot and the Nginx plugin:
    sudo apt install certbot python3-certbot-nginx

Step 2: Configuring Nginx for Certbot

Certbot needs your Nginx configuration to be set up correctly to automate certificate issuance.

  1. Open your Nginx configuration file (e.g., /etc/nginx/sites-available/your_domain):
    sudo nano /etc/nginx/sites-available/your_domain
  2. Ensure the server_name directive matches your domain:
    server_name your_domain www.your_domain;
  3. Verify the configuration syntax:
    sudo nginx -t
  4. Restart Nginx if changes were made:
    sudo systemctl restart nginx

Step 3: Obtaining an SSL Certificate

Use Certbot to acquire and configure an SSL certificate for your domain.

  1. Run Certbot with the Nginx plugin:
    sudo certbot --nginx -d your_domain -d www.your_domain
  2. Follow the prompts to agree to terms and select options (e.g., redirect HTTP to HTTPS).
  3. Certbot will automatically update your Nginx configuration to use the new certificate.

Step 4: Verifying the SSL Certificate

Check that your site is now served over HTTPS.

  1. Visit https://your_domain in a browser to confirm the site loads securely.
  2. Use an online tool (e.g., SSL Labs’ SSL Test) to validate the certificate’s security.

Step 5: Setting Up Auto-Renewal

Let’s Encrypt certificates are valid for 90 days. Set up auto-renewal so the certificate is replaced before it expires.

  1. Test the renewal process:
    sudo certbot renew --dry-run
  2. Certbot includes a cron job or systemd timer to handle renewals. Verify it’s active:
    sudo systemctl list-timers
  3. Look for certbot.timer to ensure automatic renewals are scheduled.
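
The timer only shows that renewals are scheduled, not that they succeed. The following is an added example, not part of the original guide: it reads the report printed by `sudo certbot certificates` and lists every certificate that is invalid or closer to expiry than a chosen limit. The sample report is constructed, the names shop.your_domain and old.your_domain are hypothetical, and the 25-day limit is an assumption chosen to sit below the 30 days remaining at which Certbot renews by default.

```shell
#!/bin/sh
# Added example (not from the original guide): list certificates that the
# renewal timer should already have replaced.

# Constructed sample of `sudo certbot certificates` output; the names
# shop.your_domain and old.your_domain are hypothetical.
sample_report() {
cat <<'EOF'
Found the following certs:
  Certificate Name: your_domain
    Domains: your_domain www.your_domain
    Expiry Date: 2021-06-01 10:00:00+00:00 (VALID: 62 days)
    Certificate Path: /etc/letsencrypt/live/your_domain/fullchain.pem
  Certificate Name: shop.your_domain
    Domains: shop.your_domain
    Expiry Date: 2021-04-12 10:00:00+00:00 (VALID: 12 days)
  Certificate Name: old.your_domain
    Domains: old.your_domain
    Expiry Date: 2021-03-01 10:00:00+00:00 (INVALID: EXPIRED)
EOF
}

# stale_certs MIN_DAYS   (reads the report on stdin)
# Prints "name<TAB>status" for each certificate that is invalid or has fewer
# than MIN_DAYS left; returns 1 when at least one certificate was printed.
stale_certs() {
    awk -v limit="$1" '
        /Certificate Name:/ { name = $3 }
        /Expiry Date:/ {
            status = $0
            sub(/^[^(]*\(/, "", status)      # drop everything up to "("
            sub(/\)[^)]*$/, "", status)      # drop the closing ")"
            days = -1                        # INVALID: expired, revoked, test cert
            if (status ~ /^VALID: [0-9]+ day/) { split(status, f, " "); days = f[2] + 0 }
            else if (status ~ /^VALID: [0-9]+ hour/) days = 0
            if (days < limit + 0) { printf "%s\t%s\n", name, status; bad = 1 }
        }
        END { exit bad + 0 }'
}

# On the server: sudo certbot certificates 2>/dev/null | stale_certs 25
sample_report | stale_certs 25 || echo "renewal needs attention" >&2
```
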

Step 6: Troubleshooting

Address common issues that may arise during setup.

  • Certificate renewal fails: Check logs with sudo journalctl -u certbot.
  • Nginx errors: Review the error log with sudo tail -f /var/log/nginx/error.log.
  • Domain not resolving: Ensure DNS records are correctly configured.

Conclusion

You’ve successfully secured your Nginx server on Ubuntu 20.04 with a Let’s Encrypt SSL certificate. This setup ensures encrypted communication, enhancing both security and user confidence. Regularly monitor certificate status and renewals to maintain protection.
