Securing Your Nginx Website with Lets Encrypt and Certbot

Create 2023-21-03


by Georg R. Pollak

Securing Your Nginx Website with Let's Encrypt and Certbot


Let's Encrypt is a free, automated, and open Certificate Authority, providing SSL/TLS certificates for secure website communication. Certbot is a widely used tool that automates the process of obtaining and renewing Let's Encrypt certificates.


Before you start, ensure you have:

Step 1: Install Let's Encrypt and Certbot

sudo apt update
sudo apt install certbot python3-certbot-nginx

Step 2: Obtain SSL Certificate

Run Certbot to obtain and install the SSL certificate:

sudo certbot --nginx -d -d

Follow on-screen prompts. Certbot will auto-update your Nginx config.

Step 3: Verify Auto-Renewal

Certbot auto-sets renewal tasks. Test renewal with:

sudo certbot renew --dry-run

Nginx Configuration

After Certbot, Nginx config is updated. Here's an example:

server {
    listen 80;
    location / {
        return 301 https://$host$request_uri;

server {
    listen 443 ssl;

    ssl_certificate /etc/letsencrypt/live/;
    ssl_certificate_key /etc/letsencrypt/live/;

    # Additional SSL config...

    location / {
        # Your Nginx config...

This Nginx config redirects HTTP to HTTPS, including Let's Encrypt SSL certificate paths.


Your Nginx website is now secured with Let's Encrypt SSL. Periodically check and renew certificates for continuous security.

For details, refer to Certbot documentation and Let's Encrypt documentation.